GHSA-79m9-55jc-p6mw: 
Rust vulnerability analysis and mitigation

The scanner Rust package has been identified with a vulnerability (GHSA-79m9-55jc-p6mw) affecting versions 0.1.0 and below. The vulnerability was discovered and disclosed in March 2025, involving insufficient bounds checking in the public API, specifically in the Match::get() and Match::ptr() functions (RustSec, GitHub Advisory).

The vulnerability is classified as low severity with a CVSS score of 2.7 and is categorized under CWE-125. According to the CVSS v4 metrics, the vulnerability has a network attack vector, low attack complexity, requires no privileges or user interaction, and has low impact on both confidentiality and availability. The technical issue stems from Match::get() and Match::ptr() functions lacking sufficient bounds checks, which can lead to out-of-bounds reads (GitHub Advisory).

The vulnerability's impact is primarily characterized by potential out-of-bounds reads, which could affect system security. The CVSS metrics indicate low impact on confidentiality and availability, with no impact on integrity. The vulnerability affects the vulnerable system directly, with no subsequent system impacts (GitHub Advisory).

Currently, there are no patched versions available for this vulnerability. A pull request was submitted to address the issue by making struct fields only visible inside the struct and adding unsafe markers to notify developers (Scanner PR).