Wiz
Vulnerability DatabaseGHSA-7vjm-6qgq-3mrq

GHSA-7vjm-6qgq-3mrq
Rust vulnerability analysis and mitigation

Overview

The vulnerability (GHSA-7vjm-6qgq-3mrq) affects the Shaman crate, a Rust package, and was discovered in version 0.1.0 and earlier versions. The issue was reported on May 6, 2025, and officially published to the GitHub Advisory Database on November 3, 2025. This vulnerability is classified as a soundness issue in the package's cryptographic utility functions (RustSec Advisory, GitHub Advisory).

Technical details

The vulnerability specifically affects multiple cryptographic utility functions in the Shaman crate, including writeu64vle, readu32vbe, readu32vle, readu64vbe, readu64vle, and writeu32vle. These functions contain a memory safety issue where they cannot guarantee the safety of get_unchecked operations when both lengths are zero. The vulnerability has been assigned a low severity rating (GitHub Advisory).

Impact

The vulnerability presents memory corruption risks due to soundness issues in the cryptographic utility functions. The impact is particularly concerning as the package is now unmaintained, leaving users without official support or security updates (RustSec Advisory).

Mitigation and workarounds

Currently, there are no patched versions available for this vulnerability. Given that the package is unmaintained, users are advised to consider alternative maintained cryptographic libraries for their projects (RustSec Advisory).

Additional resources

SourceThis report was generated using AI

Related Rust vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

GHSA-wwxp-hxh6-8gf8HIGH7.3
  • RustRust
  • binary_vec_io
NoNoOct 22, 2025
GHSA-x77x-7mmh-cxv3MEDIUM5.5
  • RustRust
  • ncurses
NoNoOct 22, 2025
CVE-2025-62711LOW2.1
  • RustRust
  • wasmtime
NoYesOct 24, 2025
GHSA-xcpm-76hf-c9ccLOW2
  • RustRust
  • borrowck_sacrifices
NoYesOct 22, 2025
GHSA-7vjm-6qgq-3mrqLOWN/A
  • RustRust
  • shaman
NoNoNov 03, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo