tanton_engine has unsound public API

Moderate severity GitHub Reviewed Published May 6, 2025 to the GitHub Advisory Database • Updated May 6, 2025

Package

cargo tanton_engine (Rust)

Affected versions

<= 1.0.0

Patched versions

None

Description

The following functions in the tanton_engine crate are unsound because the public API lacks sufficient bounds checks:

  • Stack::offset()
  • ThreadStack::get()
  • RootMoveList::insert_score_depth()
  • RootMoveList::insert_score()

The tanton_engine crate is no longer maintained, so there are no plans to fix this issue.
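
The class of defect described above, as an added example that is not taken from tanton_engine: a safe public method that does unchecked pointer arithmetic on a caller-supplied index, next to two sound alternatives. The `ScoreList` type, its methods and its parameters are hypothetical.

```rust
// Hypothetical type for illustration; this is not tanton_engine's code.
pub struct ScoreList {
    scores: [i32; 4],
    len: usize,
}

impl ScoreList {
    pub fn new() -> Self {
        ScoreList { scores: [0; 4], len: 0 }
    }

    /// Appends a score; returns false when the fixed buffer is full.
    pub fn push(&mut self, score: i32) -> bool {
        if self.len == self.scores.len() {
            return false;
        }
        self.scores[self.len] = score;
        self.len += 1;
        true
    }

    /// UNSOUND: the signature is safe, yet nothing stops a caller from passing
    /// an index past the buffer, which is undefined behaviour without `unsafe`.
    pub fn insert_score_unsound(&mut self, index: usize, score: i32) {
        unsafe { *self.scores.as_mut_ptr().add(index) = score }
    }

    /// Sound: the index is validated against the initialised length first.
    pub fn insert_score_checked(&mut self, index: usize, score: i32) -> Result<(), usize> {
        let slot = self.scores[..self.len].get_mut(index).ok_or(index)?;
        *slot = score;
        Ok(())
    }

    /// Sound: the unchecked fast path stays, but the contract is in the signature.
    /// # Safety
    /// `index` must be less than the number of pushed scores.
    pub unsafe fn insert_score_unchecked(&mut self, index: usize, score: i32) {
        unsafe { *self.scores.as_mut_ptr().add(index) = score }
    }

    pub fn get(&self, index: usize) -> Option<i32> {
        self.scores[..self.len].get(index).copied()
    }
}

fn main() {
    let mut list = ScoreList::new();
    list.push(10);
    println!("{:?}", list.insert_score_checked(7, 99)); // rejected, no memory touched
}
```

When auditing a dependency for this pattern, look for `unsafe` blocks inside non-`unsafe` public functions whose pointer offsets or unchecked indexing depend on an argument.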

References

Published to the GitHub Advisory Database May 6, 2025
Reviewed May 6, 2025
Last updated May 6, 2025

Severity

Moderate

Weaknesses

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CVE ID

No known CVE

GHSA ID

GHSA-m2xr-2vj4-wh94

Source code

No known source code