
Bchalios

#22659 of 53,622
10 Total CVSS
Vulnerabilities · 1
PT-2024-2723
10
2024-01-02
Unknown · Vmm Sys Util · CVE-2023-50711
**Name of the Vulnerable Software and Affected Versions**

vmm-sys-util versions 0.5.0 through 0.12.0

**Description**

The issue is related to the `FamStructWrapper::deserialize` implementation, which can lead to out of bounds memory accesses due to a mismatch between the length stored in the header and the flexible array length. This can allow out of bounds memory access through Rust-safe methods. The issue was corrected in version 0.12.0 by inserting a check that verifies the lengths of compared flexible arrays are equal for any deserialized header and aborting deserialization otherwise. Moreover, the API was changed so that header length can only be modified through Rust-unsafe code.

**Recommendations**

For versions 0.5.0 through 0.11.0, update to version 0.12.0 to resolve the issue. As a temporary workaround, consider restricting access to the `FamStructWrapper::deserialize` function until a patch is available. Avoid using the `FamStructWrapper::deserialize` function in Rust-safe code to minimize the risk of exploitation.
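
The length check described above, shown on a simplified model as an added example; this is not vmm-sys-util code. The `FamModel` type, the `encode`/`decode` functions and the byte layout are assumptions made for illustration.

```rust
// Simplified model, not vmm-sys-util's API. Constructed wire format:
// [header_len: u32 LE][count: u32 LE][count x u32 LE entries]
#[derive(Debug, PartialEq)]
pub enum DecodeError {
    Truncated,
    LengthMismatch { header_len: usize, entries: usize },
}

#[derive(Debug, PartialEq)]
pub struct FamModel {
    header_len: u32, // private: safe callers cannot change it after decoding
    entries: Vec<u32>,
}

impl FamModel {
    // Accessor that trusts the header length, so decode() must make it true.
    pub fn as_slice(&self) -> &[u32] { &self.entries[..self.header_len as usize] }
}

fn read_u32(buf: &[u8], off: usize) -> Result<u32, DecodeError> {
    let bytes = buf.get(off..off + 4).ok_or(DecodeError::Truncated)?;
    let mut a = [0u8; 4];
    a.copy_from_slice(bytes);
    Ok(u32::from_le_bytes(a))
}

pub fn encode(header_len: u32, entries: &[u32]) -> Vec<u8> {
    let mut out = header_len.to_le_bytes().to_vec();
    out.extend_from_slice(&(entries.len() as u32).to_le_bytes());
    for e in entries { out.extend_from_slice(&e.to_le_bytes()); }
    out
}

pub fn decode(buf: &[u8]) -> Result<FamModel, DecodeError> {
    let header_len = read_u32(buf, 0)?;
    let count = read_u32(buf, 4)? as usize;
    // Bound the declared count by the bytes actually present before allocating.
    if count > (buf.len() - 8) / 4 { return Err(DecodeError::Truncated); }
    let entries: Vec<u32> = (0..count).map(|i| read_u32(buf, 8 + i * 4)).collect::<Result<_, _>>()?;
    // Header length must equal the array length, otherwise abort deserialization.
    if header_len as usize != entries.len() {
        return Err(DecodeError::LengthMismatch { header_len: header_len as usize, entries: entries.len() });
    }
    Ok(FamModel { header_len, entries })
}

fn main() {
    println!("{:?}", decode(&encode(2, &[7, 9]))); // consistent input
    println!("{:?}", decode(&encode(5, &[7, 9]))); // constructed mismatch, rejected
}
```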