Improper Initialization Affecting id-map package, versions >=0.1.6 <0.2.2
Threat Intelligence
Exploit Maturity
Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Proof of Concept
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-RUST-IDMAP-12089390
- published21 Aug 2025
- disclosed18 Aug 2025
- creditUnknown
Introduced: 18 Aug 2025
New CVE NOT AVAILABLE CWE-665 (opens in a new tab)Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade id-map to version 0.2.2 or higher.
Overview
Affected versions of this package are vulnerable to Improper Initialization due to improper initialization of memory in the id_map::IdMap::from_iter constructor. An attacker can cause undefined behavior and potential segmentation faults by providing an iterator that results in a vector with a length smaller than its capacity, leading to the freeing of uninitialized memory during object destruction.
PoC
#![forbid(unsafe_code)]
use id_map::*;
struct CustomType0(String);
fn main() {
let mut entries = Vec::new();
entries.push(CustomType0(String::from("Hello")));
entries.push(CustomType0(String::from("World")));
let _ = IdMap::from_iter(entries);
}