GHSA-9fjq-45qv-pcm7: ruint affected by unsoundness of safe `reciprocal_mg10`

December 26, 2025

The function reciprocal_mg10 is marked as safe but can trigger undefined behavior (out-of-bounds access) because it relies on debug_assert! for safety checks instead of assert!.

When compiled in release mode, the debug_assert! is optimized out, potentially allowing invalid inputs to cause memory corruption.

References

github.com/advisories/GHSA-9fjq-45qv-pcm7
github.com/recmo/uint
github.com/recmo/uint/blob/17c9b3e9062f74a39701e68dec358375595d33d7/src/algorithms/div/reciprocal.rs
github.com/recmo/uint/issues/550
rustsec.org/advisories/RUSTSEC-2025-0137.html

Code Behaviors & Features

Detect and mitigate GHSA-9fjq-45qv-pcm7 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →