Severity: Critical
CVSS Score: 9.3
The safe API functions `constant::Reader::get` and `StructSchema::new` rely on `PointerReader::get_root_unchecked`, which can cause undefined behavior (UB) by constructing arbitrary words or schemas. ## `Reader::get` ```rust pub fn get(&self) -> Result<<T as Owned>::Reader<'static>> { // ... // UNSAFE: access `words` without validation } ``` ## `StructSchema::new` ```rust pub fn new(builder: RawBrandedStructSchema) -> StructSchema { // ... // UNSAFE: access encoded nodes without validation } ``` This vulnerability allows safe Rust code to trigger UB, which violates Rust's safety guarantees. The issue is resolved in version `0.24.0` by making constructor functions unsafe and mark the fields of struct as visible only in the crate.