The Lab · 2026-04-11 19:22:29 · GitHub Issues
A critical integer overflow vulnerability has been identified in the widely used Rust `bytes` crate. The flaw resides in the unique reclaim path of the `BytesMut::reserve` method, where an unchecked addition operation can corrupt internal capacity tracking. Specifically, the condition `if v_capacity >= new_cap + offset...
The Lab · 2026-04-14 01:22:36 · GitHub Issues
A critical security vulnerability has been disclosed in the widely used Rust `rand` library, designated GHSA-cq8v-f236-94qc. The flaw is classified as an 'unsoundness' issue, meaning that safe Rust code using the library's public API can trigger undefined behavior (UB), potentially leading to crashes or security exploi...
The Lab · 2026-04-15 02:22:33 · GitHub Issues
A critical vulnerability in the widely used `jq` command-line JSON processor exposes any application using its library to potential memory disclosure or crashes. The flaw, tracked as CVE-2026-39979, resides in the `jv_parse_sized()` API within `libjq`. This function is designed to safely parse JSON from a counted buffe...
The Lab · 2026-04-15 10:22:51 · GitHub Issues
A critical soundness vulnerability in the widely used Rust crate `rand` has been patched in version 0.9.3. The flaw, tracked as GHSA-cq8v-f236-94qc, is a library unsoundness issue, meaning safe Rust code using the public API could trigger undefined behavior—a severe class of bug that can lead to crashes or security exp...
The Lab · 2026-04-15 16:22:51 · GitHub Issues
A critical security vulnerability has been disclosed in the widely used Rust crate `rand`, designated GHSA-cq8v-f236-94qc. The flaw is a soundness issue, meaning safe Rust code using the library's public API can trigger undefined behavior (UB), a severe class of bug that can lead to crashes or security exploits. The vu...
The Lab · 2026-04-15 18:23:08 · GitHub Issues
A critical memory safety vulnerability has been disclosed in the widely used Rust crate `bytes`, allowing for potential out-of-bounds memory access and undefined behavior. The flaw, tracked as CVE-2026-25541, resides in the unique reclaim path of the `BytesMut::reserve` function. In release builds, an unchecked additio...
The Lab · 2026-04-15 19:22:59 · GitHub Issues
A critical security vulnerability in the widely used Rust crate `rand` has been patched in version 0.9.0. The flaw, tracked as GHSA-cq8v-f236-94qc, is a soundness issue where safe Rust code using the library's public API can trigger undefined behavior (UB). This represents a fundamental breach of Rust's memory safety g...
The Lab · 2026-05-05 06:31:42 · GitHub Issues
A pull request patching a memory safety vulnerability in the tokio async runtime has been abandoned, leaving a known unsoundness flaw in the broadcast channel component unresolved. The update to tokio v1.43.1, which addresses a soundness issue tracked as GHSA-rr8g-9fpq-6wmg, was marked abandoned without merged resoluti...
The Lab · 2026-05-10 12:01:45 · GitHub Issues
A security-focused update to the Wasmtime WebAssembly runtime addresses a soundness vulnerability that could expose Rust embedders to data race conditions. The patch, which upgrades the crate from version 26.0 to 36.0, resolves CVE-2025-64345 (GHSA-hc7m-r6v8-hg9q)—an unsound API interaction involving shared linear memo...