GHSA-79m9-55jc-p6mw: 
Rust vulnerability analysis and mitigation

The scanner Rust package has been identified with a vulnerability affecting versions 0.1.0 and below. The issue involves insufficient bounds checking in the public API, specifically in the Match::get() and Match::ptr() functions, which was discovered and disclosed in March 2025 (RustSec, GitHub Advisory).

The vulnerability is classified as low severity with a CVSS score of 2.7. The technical issue stems from Match::get() and Match::ptr() functions lacking sufficient bounds checks, which can lead to out-of-bounds reads. The vulnerability has been categorized under CWE-125. According to the CVSS v4 metrics, the vulnerability has network attack vector, low attack complexity, requires no privileges or user interaction, and has low impact on both confidentiality and availability (GitHub Advisory).

The vulnerability's impact is primarily characterized by potential out-of-bounds reads, which could affect system security. The CVSS metrics indicate low impact on confidentiality and availability, with no impact on integrity. The vulnerability affects the vulnerable system directly, with no subsequent system impacts (GitHub Advisory).

Currently, there are no patched versions available for this vulnerability. A pull request was submitted to address the issue by making struct fields only visible inside the struct and adding unsafe markers to notify developers (Scanner PR).