N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-9fjq-45qv-pcm7

GHSA-9fjq-45qv-pcm7: ruint affected by unsoundness of safe `reciprocal_mg10`

The function reciprocal_mg10 is marked as safe but can trigger undefined behavior (out-of-bounds access) because it relies on debug_assert! for safety checks instead of assert!.

When compiled in release mode, the debug_assert! is optimized out, potentially allowing invalid inputs to cause memory corruption.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-9fjq-45qv-pcm7

GHSA-9fjq-45qv-pcm7:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
ruint	rust	<= 1.17.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability exists in the reciprocal_mg10 function within the ruint crate. The core of the issue is the use of debug_assert! for a critical safety check. In Rust, debug_assert! macros are only enabled in debug builds and are completely removed in release/optimized builds to improve performance. The patch replaces debug_assert!(d >= (1 << 63)); with assert!(d >= (1 << 63));. The assert! macro remains in release builds, thus enforcing the necessary precondition on the input d and preventing the out-of-bounds access. The vulnerable function is reciprocal_mg10 because it contains this flawed check. During exploitation in a release build, a call to this function with an invalid d would trigger the vulnerability.

Vulnerable functions

reciprocal_mg10

src/algorithms/div/reciprocal.rs

The function `reciprocal_mg10` in `src/algorithms/div/reciprocal.rs` uses `debug_assert!` to check a precondition on its input `d`. This assertion is compiled out in release builds, meaning the check is not performed. If an invalid value for `d` is passed to the function in a release build, it can lead to an out-of-bounds memory access, causing undefined behavior.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-9fjq-45qv-pcm7: ruint affected by unsoundness of safe `reciprocal_mg10`

GHSA-9fjq-45qv-pcm7:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

GHSA-9fjq-45qv-pcm7: ruint affected by unsoundness of safe `reciprocal_mg10`

N/A

N/A

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI