PT-2026-53939 · Crates.Io · Memmap2

Published

2026-06-20

·

Updated

2026-06-20

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Affected versionf of memmap2 did not perform enough validation on the offset and len parameters of Mmap::[unchecked ]advise range(), MmapMut::[unchecked ]advise ranage() and MmapMut::flush[ async] range().
This can cause undefined behavior due to invalid values being passed to pointer::offset() and pointer::add() when passing an out-of-bounds range to any of the affected functions.
The flaw was corrected in commit [cee7cf0] and released in version 0.9.11.
The invalid pointer is not dereferenced, but it is passed to the madvise and msync syscalls and their Windows equivalents.
Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

RUSTSEC-2026-0186

Affected Products

Memmap2