PT-2025-22833 · Scsir · Scsir

Published: 2025-05-24 · Updated: 2026-01-30 · CVE-2025-48756

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

scsir crate version 0.2.0

Description

The issue is an overflow in the group number: a hardware device expects the value to fit in a small number of bits, typically 5 bits, while the value actually provided can be larger. This mismatch can lead to unexpected behavior.

Recommendations

For scsir crate version 0.2.0, consider implementing input validation to ensure the group number does not exceed the expected number of bits, thereby preventing the overflow. Additionally, review the hardware device's documentation to understand its specific requirements for the group number and adjust the use of the scsir crate accordingly to prevent mismatches. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
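
The input validation recommended above, as an added example that is not code from the scsir crate or from this advisory. The function names, the FieldError type and the byte layout (a 5-bit group number sharing one byte with three upper flag bits) are assumptions made for illustration.

```rust
// Added example; all names and the byte layout are hypothetical, not scsir's API.
const GROUP_NUMBER_BITS: u32 = 5; // assumed field width ("5 bits" in the advisory)
const GROUP_NUMBER_MAX: u8 = (1 << GROUP_NUMBER_BITS) - 1; // 0b0001_1111 = 31
const FLAGS_MAX: u8 = 0b111; // assumed: three flag bits above the group number

#[derive(Debug, PartialEq)]
pub enum FieldError {
    GroupNumberTooWide { value: u8, max: u8 },
    FlagsTooWide { value: u8, max: u8 },
}

/// No validation: bits 5..7 of `group` are OR-ed into the neighbouring flag bits.
pub fn pack_unchecked(flags: u8, group: u8) -> u8 {
    (flags << GROUP_NUMBER_BITS) | group
}

/// Masking keeps the flags intact but silently aliases the value (33 becomes 1).
pub fn pack_masked(flags: u8, group: u8) -> u8 {
    (flags << GROUP_NUMBER_BITS) | (group & GROUP_NUMBER_MAX)
}

/// Validation: reject any value that does not fit its field before packing.
pub fn pack_checked(flags: u8, group: u8) -> Result<u8, FieldError> {
    if group > GROUP_NUMBER_MAX {
        return Err(FieldError::GroupNumberTooWide { value: group, max: GROUP_NUMBER_MAX });
    }
    if flags > FLAGS_MAX {
        return Err(FieldError::FlagsTooWide { value: flags, max: FLAGS_MAX });
    }
    Ok((flags << GROUP_NUMBER_BITS) | group)
}

fn main() {
    // Constructed inputs: 31 is the largest 5-bit value, 33 needs six bits.
    for group in [31u8, 33] {
        println!(
            "group={:>2} unchecked={:#010b} masked={:#010b} checked={:?}",
            group,
            pack_unchecked(0, group),
            pack_masked(0, group),
            pack_checked(0, group)
        );
    }
}
```

Masking alone is not a substitute for the check: it protects the adjacent bits but still sends the device a different group number than the caller asked for.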

Exploit

Type Confusion

Weakness Enumeration

Related Identifiers

CVE-2025-48756
GHSA-CM3G-QM4H-XM6M

Affected Products

Scsir