Headline
GHSA-m2xr-2vj4-wh94: tanton_engine has unsound public API
The following functions in the tanton_engine crate are unsound due to lack of sufficient boundary
checks in public API:
Stack::offset()ThreadStack::get()RootMoveList::insert_score_depth()RootMoveList::insert_score()
The tanton_engine crate is no longer maintained, so there are no plans to fix this issue.
- GitHub Advisory Database
- GitHub Reviewed
- GHSA-m2xr-2vj4-wh94
tanton_engine has unsound public API
Moderate severity GitHub Reviewed Published May 6, 2025 to the GitHub Advisory Database • Updated May 6, 2025
Package
cargo tanton_engine (Rust)
Affected versions
<= 1.0.0
The following functions in the tanton_engine crate are unsound due to lack of sufficient boundary
checks in public API:
- Stack::offset()
- ThreadStack::get()
- RootMoveList::insert_score_depth()
- RootMoveList::insert_score()
The tanton_engine crate is no longer maintained, so there are no plans to fix this issue.
References
- https://rustsec.org/advisories/RUSTSEC-2025-0031.html
Published to the GitHub Advisory Database
May 6, 2025