AIKIDO-2025-10559

id-map is vulnerable to Use of Uninitialized Resource

Use of Uninitialized Resource | Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Aug 18, 2025

75 (High Risk)

This Affects:

RUST id-map
0.1.6 - 0.2.1
Fixed in 0.2.2

TL;DR

Affected versions of this package are vulnerable to a drop of uninitialized memory in the IdMap::from_iter constructor. Due to a flaw in id_map::IdMap::from_iter, the constructor may create objects in which the values vector has a length smaller than its capacity, while the ids field is initialized using the larger capacity value. When such an IdMap is dropped, its destructor erroneously assumes that all values.capacity() elements are initialized and attempts to iterate over and drop them, dereferencing uninitialized memory. This causes undefined behavior (e.g., segmentation faults or heap corruption). An attacker could exploit this by supplying an iterator that yields fewer items than the allocated capacity and then triggering the destructor, potentially leading to denial of service via a crash or, in some environments, arbitrary code execution by manipulating uninitialized memory layouts.
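
The length/capacity mismatch described above, as an added example in safe Rust. It is a simplified model, not id-map's source code: the function names and the Vec<bool> occupancy flags are assumptions made for illustration, and nothing here touches uninitialized memory.

```rust
// Added illustration in safe Rust: a simplified model, not id-map's source.
// `occupied[i] == true` means "slot i holds a live value the destructor must drop".

/// Collects `items` into a Vec that has room for `reserve` elements,
/// so `len()` can end up smaller than `capacity()`.
fn collect_with_reserve<T>(items: impl IntoIterator<Item = T>, reserve: usize) -> Vec<T> {
    let mut values = Vec::with_capacity(reserve);
    values.extend(items);
    values
}

/// Flawed bookkeeping as the advisory describes it: one flag per slot of capacity.
fn occupied_by_capacity<T>(values: &Vec<T>) -> Vec<bool> {
    vec![true; values.capacity()]
}

/// Corrected bookkeeping: one flag per element that was actually written.
fn occupied_by_len<T>(values: &Vec<T>) -> Vec<bool> {
    vec![true; values.len()]
}

/// Slot indices a destructor would drop although no value was ever written there.
fn uninitialized_drops<T>(values: &Vec<T>, occupied: &[bool]) -> Vec<usize> {
    occupied
        .iter()
        .enumerate()
        .filter(|&(slot, &live)| live && slot >= values.len())
        .map(|(slot, _)| slot)
        .collect()
}

fn main() {
    // Constructed input: three owned strings, room reserved for eight.
    let items = ["a", "b", "c"].map(String::from);
    let values = collect_with_reserve(items, 8);
    let bad = uninitialized_drops(&values, &occupied_by_capacity(&values));
    let good = uninitialized_drops(&values, &occupied_by_len(&values));
    println!("len={} capacity={}", values.len(), values.capacity());
    println!("capacity-based flags would drop uninitialized slots {:?}", bad);
    println!("length-based flags would drop uninitialized slots {:?}", good);
}
```

A check like uninitialized_drops can serve as a debug assertion in any container that tracks occupancy separately from its backing Vec.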

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

id-map is vulnerable to Use of Uninitialized Resource in versions 0.1.6 - 0.2.1.

How to fix this

Upgrade the id-map library to the patched version. Note also that the maintainer recommends using the following alternatives: slab and slotmap.