PT-2025-38585 · Crates.Io · Toodee

Published

2025-09-09

·

Updated

2025-09-09

CVSS v4.0

8.8

High

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:L/SI:L/SA:L
An off-by-one error in the DrainCol::drop destructor could cause an unsafe memory copy operation to exceed the bounds of the associated vector.
The error was related to the size of the data being copied in one of the ptr::copy invocations inside the destructor.
When removing the first column from a TooDee object, the DrainCol return object could cause a heap buffer overflow vulnerability when it is dropped.
The issue was fixed in commit e6e16d5 by reducing the copied size by one.

Fix

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-122

Related Identifiers

GHSA-PFP7-VXGR-83PW

Affected Products

Toodee