Wiz
Vulnerability DatabaseRUSTSEC-2023-0075

RUSTSEC-2023-0075
Rust vulnerability analysis and mitigation

Overview

RUSTSEC-2023-0075 is a vulnerability discovered in the unsafe-libyaml Rust crate that involves unsafe precondition violations. The issue specifically relates to pointer alignment and null pointer violations in the ptr::write operation (GitHub Issue).

Technical details

The vulnerability manifests when using unsafe-libyaml with specific build configurations, particularly when compiling to WASM with threading support. The issue occurs in the yaml_parser_fetch_stream_start function where a ptr::write operation violates safety requirements regarding pointer alignment and null checks. The problem surfaces specifically when using build flags for atomics and bulk-memory features (GitHub Issue).

Impact

When triggered, the vulnerability causes runtime panics in applications using the affected library, particularly in WASM environments. This can lead to application crashes with an 'unreachable' runtime error, affecting the stability and functionality of applications using the unsafe-libyaml crate (GitHub Issue).

Mitigation and workarounds

The vulnerability has been addressed in version 0.2.11-1 of the rust-unsafe-libyaml package (Debian Tracker). Users are advised to upgrade to this version or later to resolve the issue.

Additional resources

SourceThis report was generated using AI

Related Rust vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2026-22863CRITICAL9.2
  • RustRust
  • deno
NoYesJan 15, 2026
CVE-2026-23519HIGH8.9
  • RustRust
  • yazi
NoYesJan 15, 2026
RUSTSEC-2026-0003HIGH8.9
  • RustRust
  • cmov
NoYesJan 14, 2026
CVE-2026-22864HIGH8.1
  • RustRust
  • deno
NoYesJan 15, 2026
CVE-2026-22782LOW2.9
  • RustRust
  • rustfs
NoYesJan 16, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo