Vulnerability DatabaseWS-2023-0027
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2023-0027
Published:May 15, 2026
Updated:May 15, 2026
"tokio::io::ReadHalf<T>::unsplit" can violate the "Pin" contract The soundness issue is described in the "tokio/issues#5372" (https://github.com/tokio-rs/tokio/issues/5372) Specific set of conditions needed to trigger an issue (a !Unpin type in ReadHalf) is unusual, combined with the difficulty of making any arbitrary use-after-free exploitable in Rust without doing a lot of careful alignment of data types in the surrounding code. The "tokio" feature "io-util" is also required to be enabled to trigger this soundness issue. Thanks to zachs18 reporting the issue to Tokio team responsibly and taiki-e and carllerche appropriately responding and fixing the soundness bug. Tokio before 0.2.0 used "futures" 0.1 that did not have "Pin", so it is not affected by this issue.
Related Resources (5)
https://rustsec.org/advisories/RUSTSEC-2023-0005.html
https://github.com/tokio-rs/tokio/issues/5372
https://github.com/tokio-rs/tokio/commit/d6ea7a742b92d3e516035a584ab9347a96be363a
https://crates.io/crates/tokio
https://github.com/tokio-rs/tokio
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH