GHSA-7v4j-8wvr-v55r: 
Rust vulnerability analysis and mitigation

The vulnerability (GHSA-7v4j-8wvr-v55r) affects the array-macro Rust crate versions 2.1.0 to 2.1.2, discovered on April 27, 2022. The issue involves the array! macro's unsound behavior when handling impure constant expressions as array lengths. This moderate severity vulnerability was officially published to the GitHub Advisory Database on June 16, 2022, and last updated on January 12, 2023 (GitHub Advisory, RustSec Advisory).

The vulnerability stems from the array-macro crate substituting the array length provided by a user at compile-time multiple times. The implementation contained the count expression in two distinct places: in the array vector initialization and in the while loop condition. When an impure constant expression (such as a result from an impure procedural macro) is passed as an array length, these two instances could evaluate to different values, leading to potential memory corruption (GitLab Issue).

When exploited, this vulnerability can result in the initialization of an array with uninitialized types, which could potentially allow an attacker to execute arbitrary code. The issue affects memory safety and can lead to memory corruption and memory exposure (RustSec Advisory).

The vulnerability was patched in version 2.1.2 of the array-macro crate. The fix was implemented in commit d5b63f72, ensuring that the array length is substituted just once. Users are advised to upgrade to version 2.1.2 or later to address this security issue (GitHub Advisory).