rustsec-2026-0197
Vulnerability from osv_rustsec
Published
2026-03-11 12:00
Modified
2026-07-03 13:44
Summary
`Matrix{2,3,4}::swap_columns` can trigger undefined behavior for identical indices
Details
The Matrix2::swap_columns, Matrix3::swap_columns, and Matrix4::swap_columns
implementations call ptr::swap(&mut self[a], &mut self[b]).
When a == b, these safe APIs create two mutable references to the same matrix
column and pass them to ptr::swap. This violates Rust's aliasing rules and can
trigger undefined behavior. The issue can be reproduced from safe Rust by calling
swap_columns with identical column indices, for example m.swap_columns(0, 0).
A minimal fix is to return early when the two column indices are equal before
calling ptr::swap.
{
"affected": [
{
"database_specific": {
"categories": [
"memory-corruption"
],
"cvss": null,
"informational": "unsound"
},
"ecosystem_specific": {
"affected_functions": null,
"affects": {
"arch": [],
"functions": [
"cgmath::Matrix2::swap_columns",
"cgmath::Matrix3::swap_columns",
"cgmath::Matrix4::swap_columns"
],
"os": []
}
},
"package": {
"ecosystem": "crates.io",
"name": "cgmath",
"purl": "pkg:cargo/cgmath"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0-0"
}
],
"type": "SEMVER"
}
],
"versions": []
}
],
"aliases": [],
"database_specific": {
"license": "CC0-1.0"
},
"details": "The `Matrix2::swap_columns`, `Matrix3::swap_columns`, and `Matrix4::swap_columns`\nimplementations call `ptr::swap(\u0026mut self[a], \u0026mut self[b])`.\n\nWhen `a == b`, these safe APIs create two mutable references to the same matrix\ncolumn and pass them to `ptr::swap`. This violates Rust\u0027s aliasing rules and can\ntrigger undefined behavior. The issue can be reproduced from safe Rust by calling\n`swap_columns` with identical column indices, for example `m.swap_columns(0, 0)`.\n\nA minimal fix is to return early when the two column indices are equal before\ncalling `ptr::swap`.",
"id": "RUSTSEC-2026-0197",
"modified": "2026-07-03T13:44:38Z",
"published": "2026-03-11T12:00:00Z",
"references": [
{
"type": "PACKAGE",
"url": "https://crates.io/crates/cgmath"
},
{
"type": "ADVISORY",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0197.html"
},
{
"type": "REPORT",
"url": "https://github.com/rustgd/cgmath/issues/565"
}
],
"related": [],
"severity": [],
"summary": "`Matrix{2,3,4}::swap_columns` can trigger undefined behavior for identical indices"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…