Segmentation fault and invalid memory read in mnl::cb_run
Reported October 18, 2025 Issued January 9, 2026 Package mnl (crates.io) Type Vulnerability Categories
-
memory-corruption References
-
https://github.com/mullvad/mnl-rs/issues/15 Patched no patched versions
Description
The function mnl::cb_run is marked as safe but exhibits unsound behavior when processing malformed Netlink message buffers.
Passing a crafted byte slice to mnl::cb_run can trigger memory violations. The function does not sufficiently validate the input buffer structure before processing, leading to out-of-bounds reads.
…
Segmentation fault and invalid memory read in mnl::cb_run
Reported October 18, 2025 Issued January 9, 2026 Package mnl (crates.io) Type Vulnerability Categories
-
memory-corruption References
-
https://github.com/mullvad/mnl-rs/issues/15 Patched no patched versions
Description
The function mnl::cb_run is marked as safe but exhibits unsound behavior when processing malformed Netlink message buffers.
Passing a crafted byte slice to mnl::cb_run can trigger memory violations. The function does not sufficiently validate the input buffer structure before processing, leading to out-of-bounds reads.
This vulnerability allows an attacker to cause a Denial of Service (segmentation fault) or potentially read unmapped memory by providing a malformed Netlink message.
Advisory available under CC0-1.0 license.