RUSTSEC-2025-0050: 
Rust vulnerability analysis and mitigation

A memory safety vulnerability was discovered in the id-map Rust crate version 0.2.1, identified as RUSTSEC-2025-0050. The vulnerability was discovered by the PursecLab research team and reported on August 5, 2025. The issue affects objects created with the IdMap::from_iter constructor, which can lead to deallocation of uninitialized memory (GitHub Issue).

The vulnerability stems from the implementation of IdMap::fromiter where the function uses the capacity of the values vector to initialize the ids field of the resulting IdMap object. When the IdMap is dropped, the dropvalues method attempts to deallocate each element in the ids field. The issue occurs because drop_values iterates over ids and uses each id as an index into the values vector. If values.len() is less than values.capacity(), then id may exceed the length of values, resulting in an attempt to drop uninitialized memory (GitHub Issue).

When exploited, this vulnerability leads to undefined behavior and can cause segmentation faults in applications using the affected id-map crate. The issue specifically manifests when dropping objects created with IdMap::from_iter, potentially causing application crashes and memory corruption (GitHub Issue).