Skip to content

Shaman has soundness issues and is unmaintained

Low severity GitHub Reviewed Published Nov 3, 2025 to the GitHub Advisory Database

Package

cargo shaman (Rust)

Affected versions

<= 0.1.0

Patched versions

None

Description

shaman::cryptoutil::write_u64v_le and other functions mentioned above cannot garantee memory safety of get_unchecked later if both length are zero.

shaman is unmaintained.

References

Published to the GitHub Advisory Database Nov 3, 2025
Reviewed Nov 3, 2025

Severity

Low

EPSS score

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-7vjm-6qgq-3mrq

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.