PT-2025-54613 · Crates.Io · Capnp

Published 2025-12-24 · Updated 2025-12-24

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
The safe API functions `constant::Reader::get` and `StructSchema::new` rely on `PointerReader::get_root_unchecked`, so a caller that constructs arbitrary words or schemas can cause undefined behavior (UB).

Reader::get

```rust
pub fn get(&self) -> Result<<T as Owned>::Reader<'static>> {
  // ...
  // UNSAFE: access `words` without validation
}
```

StructSchema::new

```rust
pub fn new(builder: RawBrandedStructSchema) -> StructSchema {
  // ...
  // UNSAFE: access encoded nodes without validation
}
```

This vulnerability allows safe Rust code to trigger UB, which violates Rust's safety guarantees.
The issue is resolved in version 0.24.0 by making the constructor functions unsafe and marking the struct fields as visible only within the crate.
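
The pattern and the fix described above, as a simplified self-contained model. This is an added example, not capnp's code: the `Reader` types, the "word 0 is an index" layout, the sample data and `new_checked` are assumptions made for illustration.

```rust
// Simplified model of the soundness pattern, not capnp's code.
// Assumed layout: word 0 of `words` is an index to the payload word.

mod before {
    // Public field: any safe caller can build a Reader over arbitrary words.
    pub struct Reader {
        pub words: &'static [u64],
    }
    impl Reader {
        // Safe signature, but the index in word 0 is trusted without validation.
        pub fn get(&self) -> u64 {
            let idx = self.words[0] as usize;
            unsafe { *self.words.as_ptr().add(idx) }
        }
    }
}

mod after {
    // Private field (module privacy stands in for crate-only visibility).
    pub struct Reader {
        words: &'static [u64],
    }
    impl Reader {
        /// # Safety
        /// `words[0]` must be an in-bounds index into `words`.
        pub unsafe fn new_unchecked(words: &'static [u64]) -> Reader {
            Reader { words }
        }
        // Validating constructor: an extra in this sketch, not part of the described fix.
        pub fn new_checked(words: &'static [u64]) -> Option<Reader> {
            let idx = *words.first()? as usize;
            (idx < words.len()).then(|| Reader { words })
        }
        // Sound: every constructor either validated or had the caller promise the invariant.
        pub fn get(&self) -> u64 {
            unsafe { *self.words.as_ptr().add(self.words[0] as usize) }
        }
    }
}

pub static GOOD: [u64; 3] = [2, 0, 42]; // constructed sample: index 2 -> 42
pub static BAD: [u64; 2] = [9, 0]; // constructed sample: index 9 is out of bounds

fn main() {
    // `before::Reader { words: &BAD }.get()` would compile as safe code and be UB.
    println!("{}", before::Reader { words: &GOOD }.get());
    println!("{}", after::Reader::new_checked(&BAD).is_none());
}
```

With the `after` shape, the only way to hand unvalidated words to `get` is through an `unsafe` block, so the obligation to uphold the invariant is visible at the call site.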

Related Identifiers

RUSTSEC-2025-0143

Affected Products

Capnp