N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-qq4c-hm99-979m

EPSS Score

CWE

CWE-665

Published

8/18/2025

Updated

8/18/2025

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-qq4c-hm99-979m

GHSA-qq4c-hm99-979m: IdMap from_iter may lead to uninitialized memory being freed on drop

Due to a flaw in the constructor id_map::IdMap::from_iter, ill-formed objects may be created in which the amount of actually initialized memory is less than what is expected by the fields of IdMap. Specifically, the field ids is initialized based on the capacity of the vector values, which is constructed from the provided iterator. However, the length of this vector may be smaller than its capacity.

In such cases, when the resulting IdMap is dropped, its destructor incorrectly assumes that values contains ids.len() == values.capacity() initialized elements and attempts to iterate over and drop them. This leads to dereferencing and attempting to free uninitialized memory, resulting in undefined behavior and potential segmentation faults.

The bug was fixed in commit fab6922, and all unsafe code was removed from the crate.

Note that the maintainer recommends using the following alternatives:

slab
slotmap

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-qq4c-hm99-979m

EPSS Score

CWE

CWE-665

Published

8/18/2025

Updated

8/18/2025

KEV Status

Technology

Rust

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
id-map	rust	>= 0.1.6, < 0.2.2	0.2.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability lies in the id_map::IdMap::from_iter constructor, which can create a malformed IdMap instance. Specifically, it initializes the ids field based on the capacity of the values vector, which can be larger than the number of elements actually initialized from the input iterator. When an IdMap created this way is dropped, its destructor (id_map::IdMap::drop) calls id_map::IdMap::drop_values. This function then iterates over the oversized ids set and attempts to drop elements from the values vector, leading to reads of uninitialized memory and subsequent attempts to free it. This results in undefined behavior and can cause a segmentation fault. The fix involves changing from_iter to correctly size the ids set based on the number of elements and removing the manual, unsafe drop implementation in favor of safer, compiler-generated code.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*u* to * *l*w in t** *onstru*tor `i*_m*p::I*M*p::*rom_it*r`, ill-*orm** o*j**ts m*y ** *r**t** in w*i** t** *mount o* **tu*lly initi*liz** m*mory is l*ss t**n w**t is *xp**t** *y t** *i*l*s o* `I*M*p`. Sp**i*i**lly, t** *i*l* `i*s` is initi*liz** **s

Reasoning

T** vuln*r**ility li*s in t** `i*_m*p::I*M*p::*rom_it*r` *onstru*tor, w*i** **n *r**t* * m*l*orm** `I*M*p` inst*n**. Sp**i*i**lly, it initi*liz*s t** `i*s` *i*l* **s** on t** **p**ity o* t** `v*lu*s` v**tor, w*i** **n ** l*r**r t**n t** num**r o* *l*

N/A

Basic Information

Concerned about an active attack path?

GHSA-qq4c-hm99-979m: IdMap from_iter may lead to uninitialized memory being freed on drop

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI