GHSA-jmwx-r3gq-qq3p: 
Rust vulnerability analysis and mitigation

The vulnerability (GHSA-jmwx-r3gq-qq3p) affects the vec-const Rust crate in versions prior to 2.0.0. The issue was discovered and reported on August 14, 2021, and was officially issued on August 21, 2021. The vulnerability stems from the crate's incorrect claim of being able to construct a constant Vec with nonzero length and capacity, which is fundamentally impossible due to Vec's requirement for an allocator-provided pointer (RustSec Advisory, GitHub Advisory).

The vulnerability is classified as moderate severity and relates to memory corruption issues. The technical problem arises from the crate's attempt to construct a Vec from a pointer to a const slice, which is fundamentally unsound as Vec requires a pointer from an allocator for proper initialization. This issue was later addressed by modifying the implementation to use std::borrow::Cow instead (RustSec Advisory).

The vulnerability could potentially lead to memory corruption issues in applications using the affected versions of the vec-const crate, as it incorrectly handles memory allocation and management for constant vectors (GitHub Advisory).

The issue has been resolved in version 2.0.0 of the vec-const crate, which implements a different approach using std::borrow::Cow. Users are advised to upgrade to version 2.0.0 or later to address this vulnerability (RustSec Advisory).