CVE-2021-45680
Description
The vec-const Rust crate before 2.0.0 could construct a Vec from a const slice pointer, causing memory corruption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The vec-const Rust crate before 2.0.0 could construct a Vec from a const slice pointer, causing memory corruption.
Vulnerability
The vec-const crate versions prior to 2.0.0 attempted to construct a Vec from a pointer to a const slice, which is unsound because a Vec with nonzero length and capacity requires a pointer from an allocator, leading to memory corruption [1][2].
Exploitation
An attacker would need to craft a const slice pointer that triggers this unsound conversion. The exact exploitation steps are not detailed in available references, but the crate's flawed design allows any usage of the affected functionality to potentially lead to memory safety violations.
Impact
Successful exploitation can lead to memory corruption, which may result in undefined behavior, information disclosure, or arbitrary code execution depending on the context in which the vulnerable crate is used.
Mitigation
The issue is fixed in version 2.0.0 of the vec-const crate, released on August 21, 2021 [2]. Users should upgrade to >=2.0.0. No known workarounds are documented. The crate is marked as "unsound" in the RustSec advisory [2].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
vec-constcrates.io | < 2.0.0 | 2.0.0 |
Affected products
2- vec-const/vec-constdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-x76r-966h-5qv9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-45680ghsaADVISORY
- github.com/Eolu/vec-const/issues/1ghsaWEB
- raw.githubusercontent.com/rustsec/advisory-db/main/crates/vec-const/RUSTSEC-2021-0082.mdghsax_refsource_MISCWEB
- rustsec.org/advisories/RUSTSEC-2021-0082.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.