zlib-rs is vulnerable to Undefined Behavior
15
Low Risk
Affected versions of the zlib-rs crate expose an unsound lifetime on internal WeakSliceMut and WeakArrayMut helpers. Their as_mut_slice() methods returned &'a mut [T] while relinquishing mutable access to the wrapper, which is prone to lifetime extension bugs when those slices are used during deflate hash-chain updates in hash_calc.rs. That undefined behavior can corrupt memory during compression. Version 0.6.6 fixes the return type to &mut [T] and adjusts hash calculation to avoid overlapping borrows.
You are affected if you are using a version that falls within the vulnerable range.
zlib-rs is vulnerable to Undefined Behavior in versions 0.4.0 - 0.6.5.
Upgrade the zlib-rs library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

I consent to receiving marketing communications based on Aikido’s Privacy Policy.
SOC 2Compliant
ISO 27001Compliant