2.9 CVE-2025-47737

Enriched by CISA Exploit
 

lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero.
https://nvd.nist.gov/vuln/detail/CVE-2025-47737

Categories

CWE-762 : Mismatched Memory Management Routines
The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource. Use tools that are integrated during compilation to insert runtime error-checking mechanisms related to memory safety errors, such as AddressSanitizer (ASan) for C/C++ [REF-1518] or valgrind [REF-480]. Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free(). Use a language that provides abstractions for memory allocation and deallocation.

References

134c704f-9b21-4f2e-91b3-4a467353bcc0 Exploit

cve@mitre.org Exploit


 

AFFECTED (from MITRE)


Vendor Product Versions
Geal trailer
  • ≤ 0.1.2 [affected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe start end
Configuration 1
cpe:2.3:a:unhandledexpression:trailer:*:*:*:*:*:rust:*:* <= 0.1.2


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
https://github.com/Geal/trailer/issues/2


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry