tanton_engine has unsound public API

Moderate severity GitHub Reviewed Published May 6, 2025 to the GitHub Advisory Database • Updated May 6, 2025

Package

cargo tanton_engine (Rust)

Affected versions

<= 1.0.0

Patched versions

None

Description

The following functions in the tanton_engine crate are unsound because their public API lacks sufficient bounds checks:

  • Stack::offset()
  • ThreadStack::get()
  • RootMoveList::insert_score_depth()
  • RootMoveList::insert_score()

The tanton_engine crate is no longer maintained, so there are no plans to fix this issue.
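
What "unsound" means for functions like those listed above, as an added illustration that is not code from tanton_engine: a safe public method that does unchecked pointer arithmetic on a caller-supplied index, shown beside two sound alternatives. The type `DemoStack`, its size, and all method names are hypothetical.

```rust
// Hypothetical stand-in for a fixed-size engine stack; not tanton_engine's code.
pub struct DemoStack {
    frames: [u32; 8],
}

impl DemoStack {
    pub fn new() -> Self {
        DemoStack { frames: [0; 8] }
    }

    /// Unsound pattern: a *safe* signature wrapping unchecked pointer
    /// arithmetic. A caller can pass idx >= 8 without writing `unsafe`
    /// and cause undefined behaviour (out-of-bounds access).
    pub fn get_unsound(&mut self, idx: usize) -> &mut u32 {
        unsafe { &mut *self.frames.as_mut_ptr().add(idx) }
    }

    /// Sound form 1: validate the index and report failure to the caller.
    pub fn get_checked(&mut self, idx: usize) -> Option<&mut u32> {
        self.frames.get_mut(idx)
    }

    /// Sound form 2: keep the unchecked fast path but mark it `unsafe`, so
    /// the bounds obligation is visible in the signature and at call sites.
    ///
    /// # Safety
    /// `idx` must be less than 8.
    pub unsafe fn get_unchecked(&mut self, idx: usize) -> &mut u32 {
        unsafe { &mut *self.frames.as_mut_ptr().add(idx) }
    }
}

fn main() {
    let mut s = DemoStack::new();
    *s.get_checked(3).unwrap() = 42;
    assert_eq!(s.get_checked(3).map(|v| *v), Some(42));
    // An out-of-range index is rejected instead of being dereferenced.
    assert!(s.get_checked(8).is_none());
}
```

With no patched version available, code that calls the listed functions has to enforce the index and offset bounds itself before each call.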

References

Published to the GitHub Advisory Database May 6, 2025
Reviewed May 6, 2025
Last updated May 6, 2025

Severity

Moderate

EPSS score

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-m2xr-2vj4-wh94

Source code

No known source code