CVE-2026-42199: Rust Unchecked Arithmetic In Resize
Capacity calculations using unchecked arithmetic (`+`, `*`) can overflow, causing insufficient allocation and potential out-of-bounds access. If the buffer is unexpectedly truncated, subsequent operations that assume un-wrapped dimensions can trigger Undefined Behavior. Use `checked_add` and `checked_mul` to compute buffer dimensions safely.
Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | Rust | β
greprules fetch cve-2026-42199-rust-unchecked-arithmetic-in-resize --engine opengrep
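The pattern the rule describes, as an added example that is not code from the rule or from the affected project: the wrapped capacity next to the `checked_mul`/`checked_add` form. `Frame`, `HEADER` and the function names are hypothetical; `wrapping_*` stands in for what plain `*` and `+` do in a release build, since a debug build panics on overflow.

```rust
// Added example. `Frame`, `HEADER` and the function names are hypothetical.
const HEADER: usize = 16; // constructed fixed-size prefix

pub struct Frame {
    pub width: usize,
    pub height: usize,
    pub data: Vec<u8>,
}

/// Models `width * height * bpp + HEADER` as a release build computes it:
/// overflow wraps silently (a debug build would panic instead).
pub fn capacity_unchecked(width: usize, height: usize, bpp: usize) -> usize {
    width.wrapping_mul(height).wrapping_mul(bpp).wrapping_add(HEADER)
}

/// Checked form: any overflowing step yields `None`.
pub fn capacity_checked(width: usize, height: usize, bpp: usize) -> Option<usize> {
    width.checked_mul(height)?.checked_mul(bpp)?.checked_add(HEADER)
}

impl Frame {
    /// Rejects dimensions whose byte count does not fit in `usize`, and only
    /// updates `width`/`height` after `data` really has that many bytes.
    pub fn resize(&mut self, width: usize, height: usize, bpp: usize) -> Result<(), &'static str> {
        let cap = capacity_checked(width, height, bpp).ok_or("dimension overflow")?;
        self.data.resize(cap, 0);
        self.width = width;
        self.height = height;
        Ok(())
    }
}

fn main() {
    let (w, h) = (usize::MAX / 2 + 1, 2); // w * h wraps to 0
    println!("unchecked: {} bytes", capacity_unchecked(w, h, 1));
    println!("checked:   {:?}", capacity_checked(w, h, 1));
    let mut f = Frame { width: 0, height: 0, data: Vec::new() };
    println!("resize:    {:?}", f.resize(w, h, 1));
}
```

With the wrapped result the buffer would hold only the 16 header bytes while `width` and `height` still describe a far larger image, which is the mismatch that later indexing turns into out-of-bounds access.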