PT-2026-29840 · Crates.Io · Scaly

Published

2026-01-19

·

Updated

2026-01-19

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Affected versions contain multiple safe APIs that can trigger undefined behavior:
  • Array<T>::index can perform an out-of-bounds read.
  • String::get length can perform an out-of-bounds read.
  • String::append character can perform an invalid write.
  • String::to c string can perform an out-of-bounds write.
These issues were reproduced against scaly 0.0.37 under Miri. And the crate is unmaintained.
Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

RUSTSEC-2026-0080

Affected Products

Scaly