Skip to content

trailer: add information about CVE-2025-47737 #2584

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
alexanderkjall wants to merge 1 commit into
base: main
Choose a base branch
from
Open

trailer: add information about CVE-2025-47737 #2584

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
49 changes: 49 additions & 0 deletions crates/trailer/RUSTSEC-0000-0000.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "trailer"
date = "2025-05-04"
url = "https://github.com/Geal/trailer/issues/2"
aliases = ["CVE-2025-47737"]
cvss = "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"

[versions]
patched = []
unaffected = []

[affected]
```

# Unsound issue in Trailer

Our static analyzer find a potential unsound issue
in the construction of Trailer, where it doesn't
provide enough check to ensure the soundness.

trailer/src/lib.rs, Lines 18 to 25 in d474984:
```
pub fn new(capacity: usize) -> Trailer<T> {
unsafe {
let trailer = Trailer::allocate(capacity);
let ptr = trailer.ptr as *mut T;
ptr.write(T::default());
trailer
}
}
```

The constructor does check the T is not a ZST in
rust, and allocating with size 0 is considered
as undefined behaviors in Rust. A poc code like
below can work:

```
use trailer::Trailer;
#[derive(Default)]
struct Zst;

fn main() {
let mut a = Trailer::<Zst>::new(0);
drop(a);
}
```