GHSA-95hm-pr6q-298w: 
Rust vulnerability analysis and mitigation

The vulnerability (GHSA-95hm-pr6q-298w) affects the fast-able Rust crate versions prior to 1.13.7. The issue involves a public accessible struct SyncVec that contains an unsafe get_unchecked method exposed as a safe public API. The vulnerability was discovered and reported in April 2025 and was publicly disclosed in September 2025 (RustSec Advisory).

The vulnerability stems from insufficient bounds checking in the SyncVec struct's get_unchecked method implementation. The method accepts an index parameter and uses it without proper validation, which could lead to out-of-bounds memory access. The vulnerability has been assigned a high severity rating with a CVSS score of 8.7, with attack complexity rated as low and no privileges or user interaction required for exploitation (GitHub Advisory).

The vulnerability primarily affects system availability, with no direct impact on confidentiality or integrity. When exploited, it can lead to a Denial of Service (DoS) condition through memory corruption. The CVSS metrics indicate high availability impact on the vulnerable system, while subsequent system impacts are rated as none (GitHub Advisory).

Users should upgrade to version 1.13.7 or later of the fast-able crate, which contains the patch for this vulnerability (RustSec Advisory).