RustSec flags unsound safe APIs in i_tree red-black tree crate

RustSec's latest unsoundness notice hit i_tree nearly a year after the bug report, warning that the safe methods Tree::node and Tree::mut_node could trigger undefined behavior (UB) from plain safe code.

Sam Ortega

RustSec issued RUSTSEC-2025-0165 on June 29, 2026, putting a late spotlight on i_tree, a Rust red-black tree implementation whose safe public APIs could hand out out-of-bounds references. The flaw first surfaced in GitHub issue #1, "Possible unsound APIs," opened on July 4, 2025, and it centered on Tree::node and Tree::mut_node.

Those methods accepted an arbitrary u32 index and passed it straight into Vec::get_unchecked and get_unchecked_mut without sufficient bounds checks. That meant callers could trigger undefined behavior from safe code, with no unsafe block at the call site. For Rust developers, that is the bad kind of abstraction failure: the compiler trusts the signature, but the implementation quietly breaks the contract.

The advisory says every release before 0.10.0 was affected. In 0.10.0, the crate was restructured so those accessors were no longer reachable from outside the crate. RustSec also links the fix to commit a948b891cf159233bfed5b16bf185268fd9e1985, and the Open Source Vulnerabilities record shows the issue as published at 2025-07-04T12:00:00Z and modified at 2026-06-29T15:15:03.953457047Z.
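The unsound shape described above, next to a bounds-checked accessor and a crate-private unchecked one, as an added sketch that is not i_tree's code: the `Tree`/`Node` layout and the names `node_unsound`, `node_unchecked` and `root_key` are hypothetical and constructed for illustration.

```rust
// Constructed sketch of an index-based tree arena; not i_tree's source.
pub struct Node { pub key: i32, pub red: bool }

pub struct Tree { nodes: Vec<Node> }

impl Tree {
    pub fn new() -> Self { Tree { nodes: Vec::new() } }

    /// Appends a node and returns its arena index.
    pub fn push(&mut self, key: i32) -> u32 {
        self.nodes.push(Node { key, red: true });
        (self.nodes.len() - 1) as u32
    }

    /// UNSOUND: a safe, public signature over an unchecked access.
    /// Any caller-supplied index >= len is undefined behavior, and the
    /// call site needs no `unsafe` block to reach it.
    pub fn node_unsound(&self, index: u32) -> &Node {
        unsafe { self.nodes.get_unchecked(index as usize) }
    }

    /// Sound public accessor: the bounds check is part of the API.
    pub fn node(&self, index: u32) -> Option<&Node> {
        self.nodes.get(index as usize)
    }

    /// Unchecked fast path kept for internal use only: not reachable from
    /// outside the crate, and `unsafe fn` so each caller must justify it.
    ///
    /// # Safety
    /// `index` must be less than the number of nodes in the arena.
    pub(crate) unsafe fn node_unchecked(&self, index: u32) -> &Node {
        debug_assert!((index as usize) < self.nodes.len());
        unsafe { self.nodes.get_unchecked(index as usize) }
    }

    /// Internal caller that establishes the invariant before the fast path.
    pub fn root_key(&self) -> Option<i32> {
        if self.nodes.is_empty() { return None; }
        // SAFETY: the arena is non-empty, so index 0 is in bounds.
        Some(unsafe { self.node_unchecked(0) }.key)
    }
}

fn main() {
    let mut tree = Tree::new();
    let idx = tree.push(42);
    // An index the caller made up is rejected instead of dereferenced.
    println!("{:?} {:?}", tree.node(idx).map(|n| n.key), tree.node(9).map(|n| n.key));
}
```

When auditing a dependency for this class of bug, search for `get_unchecked` and `get_unchecked_mut` and check whether every path from a `pub fn` to them validates the index first.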

That timeline matters because it turns this into more than a one-off bug report. The report sat in public for nearly a year before the advisory was issued, which is exactly the kind of delayed signal that catches maintainers and downstream users off guard when a small crate has already become embedded in other code. RustSec, maintained by the Rust Secure Code Working Group, exists to track those kinds of package-level risks across crates.io and to export advisories in OSV format for wider tooling.

The package page for i_tree now lists RUSTSEC-2025-0165 and labels it INFO and Unsound, a reminder that not every serious Rust security problem looks like a remote exploit. Sometimes the dangerous part is quieter: a safe method, an unchecked index, and a library boundary that stops being trustworthy the moment a caller reaches for it.

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under.