N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-c2hm-mjxv-89r4

EPSS Score

CWE

Published

9/4/2023

Updated

9/16/2024

KEV Status

Technology

Rust

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-c2hm-mjxv-89r4

GHSA-c2hm-mjxv-89r4: Multiple soundness issues in lexical

lexical contains multiple soundness issues:

Bytes::read() allows creating instances of types with invalid bit patterns
BytesIter::read() advances iterators out of bounds
The BytesIter trait has safety invariants but is public and not marked unsafe
write_float() calls MaybeUninit::assume_init() on uninitialized data, which is is not allowed by the Rust abstract machine
radix() calls MaybeUninit::assume_init() on uninitialized data, which is is not allowed by the Rust abstract machine

The crate also has some correctness issues.

Alternatives

For quickly parsing floating-point numbers third-party crates are no longer needed. A fast float parsing algorithm by the author of lexical has been merged into libcore.

For quickly parsing integers, consider atoi and btoi crates (100% safe code). atoi_radix10 provides even faster parsing, but only with -C target-cpu=native, and at the cost of some unsafe.

For formatting integers in a #[no_std] context consider the numtoa crate.

For working with big numbers consider num-bigint and num-traits.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-c2hm-mjxv-89r4

GHSA-c2hm-mjxv-89r4:

N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-c2hm-mjxv-89r4

EPSS Score

CWE

Published

9/4/2023

Updated

9/16/2024

KEV Status

Technology

Rust

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
lexical	rust	<= 6.1.1	7.0.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The identified functions are directly referenced in the vulnerability reports with specific soundness violations. Each corresponds to documented issues: Bytes::read() for invalid bit patterns, BytesIter::read() for iterator safety, write_float() and radix() for improper MaybeUninit usage. The public BytesIter trait's lack of unsafe marking is a design flaw but doesn't represent a specific function implementation vulnerability. All listed functions have clear technical explanations in the advisory links and demonstrate direct violations of Rust's safety guarantees.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-c2hm-mjxv-89r4: Multiple soundness issues in lexical

Alternatives

GHSA-c2hm-mjxv-89r4:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

N/A

N/A

Technical Details

GHSA-c2hm-mjxv-89r4: Multiple soundness issues in lexical

Alternatives

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI