PT-2025-23647 · Crates.Io · Users

Published: 2025-01-15 · Updated: 2025-01-15

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Affected versions append root to group listings, unless the correct listing has exactly 1024 groups.
This affects both:
  • The supplementary groups of a user
  • The group access list of the current process
If the caller uses this information for access control, this may lead to privilege escalation.
This crate is not currently maintained, so a patched version is not available.
Versions older than 0.8.0 do not contain the affected functions, so downgrading to them is a workaround.

Recommended alternatives

  • uzers (an actively maintained fork of the users crate)
  • sysinfo

Related Identifiers

RUSTSEC-2025-0040

Affected Products

Users