RUSTSEC-2026-0002: IterMut violates Stacked Borrows by invalidating internal pointer #359
Description
| Details | |
|---|---|
| Package | lru |
| Version | 0.10.1 |
| Warning | unsound |
| URL | jeromefroe/lru-rs#224 |
| Patched Versions | >=0.16.3 |
| Unaffected Versions | <0.9.0 |
Affected versions of this crate contain a soundness issue in the IterMut
iterator implementation. The IterMut::next and IterMut::next_back
methods temporarily create an exclusive reference to the key when
dereferencing the internal node pointer.
This invalidates the shared pointer held by the internal HashMap,
violating Stacked Borrows rules.