GHSA-wwxp-hxh6-8gf8: 
Rust Análisis y mitigación de vulnerabilidades

The binaryvecio crate contains memory safety violations in its binaryreadtoref and binarywritefromref functions, identified as GHSA-wwxp-hxh6-8gf8. The vulnerability was discovered and reported on October 21, 2025, and affects all versions up to and including 0.1.12. These functions, which are declared as safe, can cause undefined behavior through stack-based buffer overflow when improperly used (GitHub Advisory, RustSec Advisory).

The vulnerability stems from functions that accept a single reference (&T or &mut T) but allow multiplication by n to create slices, causing stack buffer overflow when n > 1. Both affected functions use unsafe code improperly through std::slice::fromrawparts to create slices larger than the underlying allocation. The issue has been assigned a High severity rating with a CVSS score of 7.3, classified under CWE-120 (Buffer Copy without Checking Size of Input). The vulnerability has been confirmed using Rust's Miri interpreter, which flags the operation as Undefined Behavior (GitHub Gist).

When exploited, this vulnerability can lead to stack-based buffer overflow, potentially causing memory corruption and undefined behavior in affected applications. The impact metrics indicate high severity for confidentiality, integrity, and availability of the vulnerable system (GitHub Advisory).

No patches are available as the binaryvecio repository is archived and unmaintained. The project has been thoroughly deprecated, and users are advised to discontinue using any code from this repository (RustSec PR).

The original maintainer has confirmed that the project is thoroughly deprecated, and nothing should be using any code from that repository (RustSec PR).