
Cloud Vulnerability DB
A community-led vulnerabilities database
The binary_vec_io crate contains memory safety violations in its binary_read_to_ref and binary_write_from_ref functions (GHSA-wwxp-hxh6-8gf8). The vulnerability was discovered and disclosed in October 2025 and affects all versions up to 0.1.12. The issue exists in the Rust package binary_vec_io, which is now archived and unmaintained (GitHub Advisory, RustSec Advisory).
The vulnerability stems from unsafe implementations in two functions that accept a single reference (&T or &mut T) but multiply by a count n when creating slices from it, potentially causing a stack buffer overflow when n > 1. The functions use from_raw_parts to create slices larger than the underlying allocation, which violates Rust's memory safety guarantees. The vulnerability has been assigned a CVSS score of 7.3 (High severity) and is categorized under CWE-120 (Buffer Copy without Checking Size of Input) (GitHub Advisory).
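The pattern described above, next to a sound alternative, as an added example that is not code from the crate or from the advisories. All function names are hypothetical and the element type is fixed to u32 as an assumption; the sample values are constructed.

```rust
use std::io::{self, Cursor, Read, Write};
use std::mem::size_of;
use std::slice;

// UNSOUND sketch of the pattern the advisory describes (hypothetical name, not the
// crate's source): a safe signature takes ONE reference plus a caller-supplied count.
fn write_from_ref_unsound<T, W: Write>(w: &mut W, p: &T, n: usize) -> io::Result<()> {
    // For n > 1 the slice extends past the single T behind `p` (out-of-bounds read).
    let bytes = unsafe { slice::from_raw_parts(p as *const T as *const u8, n * size_of::<T>()) };
    w.write_all(bytes)
}

// Sound alternative: accept a slice, so the length comes from the borrow itself
// and no unsafe code is needed.
fn write_u32s<W: Write>(w: &mut W, data: &[u32]) -> io::Result<()> {
    for v in data {
        w.write_all(&v.to_ne_bytes())?;
    }
    Ok(())
}

// Reading side: the destination slice bounds the copy; short input is an error.
fn read_u32s<R: Read>(r: &mut R, out: &mut [u32]) -> io::Result<()> {
    let mut buf = [0u8; 4];
    for slot in out.iter_mut() {
        r.read_exact(&mut buf)?;
        *slot = u32::from_ne_bytes(buf);
    }
    Ok(())
}

// Round-trips constructed sample data through the safe functions.
fn roundtrip(data: &[u32]) -> io::Result<Vec<u32>> {
    let mut file = Cursor::new(Vec::new());
    write_u32s(&mut file, data)?;
    file.set_position(0);
    let mut out = vec![0u32; data.len()];
    read_u32s(&mut file, &mut out)?;
    Ok(out)
}

fn main() -> io::Result<()> {
    let x = 7u32;
    let mut sink = Vec::new();
    write_from_ref_unsound(&mut sink, &x, 1)?; // n == 1 is the only in-bounds call
    assert_eq!(sink, x.to_ne_bytes());
    assert_eq!(roundtrip(&[1, 2, 3])?, vec![1, 2, 3]);
    Ok(())
}
```

When auditing a codebase for the same flaw, look for safe functions that pair a &T or &mut T parameter with a separate length and pass both to from_raw_parts or from_raw_parts_mut.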
When exploited, this vulnerability can lead to stack-based buffer overflow, potentially causing memory corruption and undefined behavior. The impact metrics indicate high severity for confidentiality, integrity, and availability of the vulnerable system (GitHub Advisory).
There are no patched versions available as the repository is archived and unmaintained. Users are advised to discontinue use of this crate and seek alternative solutions (RustSec Advisory).
The maintainer of the original codebase has confirmed that the repository is thoroughly deprecated and stated that no code from that repository should be in use (GitHub PR).
Source: This report was generated using AI