
RUSTSEC-2024-0386
Rust vulnerability analysis and mitigation

Overview

The vulnerability (RUSTSEC-2024-0386) was discovered in the strason Rust library and concerns an unsound use of unsafe code in the conversion from [u8] to Json. The issue was identified and reported on August 20, 2024, and affects the latest version of the strason library (GitHub Issue).

Technical details

The vulnerability is in the visit_bytes function at src/object.rs, line 40. The function performs an unsafe conversion from [u8] to Json using raw pointers, which can create misalignment issues when the type size of [u8] is smaller than the type size of Json. This implementation could lead to undefined behavior in Rust (GitHub Issue).
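
The layout preconditions that a raw-pointer conversion like the one described above skips, shown as an added example (not strason's code and not taken from the GitHub issue). `Value`, `CastError`, `check_layout` and `value_from_bytes` are hypothetical names, and the input is constructed.

```rust
use std::mem::{align_of, size_of};

/// Stand-in for a JSON value type (hypothetical; not strason's `Json`).
#[derive(Debug, PartialEq)]
pub enum Value {
    Null,
    Number(f64),
    String(String),
}

/// Layout precondition that a `*const u8 as *const T` cast never checks.
#[derive(Debug, PartialEq)]
pub enum CastError {
    TooShort { have: usize, need: usize },
    Misaligned { addr: usize, align: usize },
}

/// Reports whether `bytes` is large enough and aligned enough to be read as a `T`.
/// Passing is necessary but not sufficient: a type with validity invariants
/// (an enum tag, a `String` pointer) still cannot be conjured from raw bytes.
pub fn check_layout<T>(bytes: &[u8]) -> Result<(), CastError> {
    let need = size_of::<T>();
    if bytes.len() < need {
        return Err(CastError::TooShort { have: bytes.len(), need });
    }
    let (addr, align) = (bytes.as_ptr() as usize, align_of::<T>());
    if addr % align != 0 {
        return Err(CastError::Misaligned { addr, align });
    }
    Ok(())
}

/// Sound alternative: validate the bytes and build the value with safe APIs.
pub fn value_from_bytes(bytes: &[u8]) -> Result<Value, std::str::Utf8Error> {
    Ok(Value::String(std::str::from_utf8(bytes)?.to_owned()))
}

fn main() {
    let input = b"abc"; // constructed sample input
    println!("{:?}", check_layout::<Value>(input)); // too short for a `Value`
    println!("{:?}", value_from_bytes(input));
}
```

Running the same input under Miri (`cargo miri test`) is one way to have an unchecked cast of this kind flagged during review of other dependencies.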

Impact

The unsound implementation could result in undefined behavior in Rust programs that use this library. If the problematic converted values are manipulated, the consequences could include out-of-bounds access (GitHub Issue).

Mitigation and workarounds

The library maintainer has acknowledged the issue and indicated that the library has been unmaintained for over 6 years. Users are discouraged from using this library, and the maintainer plans to push a new major revision that removes the library functionality to prevent further usage through crates.io (GitHub Issue).

Community reactions

The issue was reported to the RustSec Advisory Database, indicating community awareness and proper vulnerability tracking procedures (GitHub Issue).

This report was generated using AI.

Related Rust vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2025-66627 | HIGH | 8.4 | Rust | wasmi | No | Yes | Dec 09, 2025 |
| GHSA-xrv8-2pf5-f3q7 | MEDIUM | 6 | Rust | nitro-tpm-pcr-compute | No | Yes | Dec 05, 2025 |
| CVE-2025-67487 | MEDIUM | 5.5 | Rust | static-web-server | No | Yes | Dec 09, 2025 |
| CVE-2025-66622 | LOW | 1.3 | Rust | matrix-sdk-base | No | Yes | Dec 09, 2025 |
| RUSTSEC-2025-0135 | N/A | N/A | Rust | matrix-sdk-base | No | Yes | Dec 08, 2025 |
