Integer Overflow in Grid Data Structure for Rust by Becheran
CVE-2026-42199

6.2MEDIUM

Key Information:

Vendor

Becheran

Status
Grid
Vendor
CVE Published:
8 May 2026

What is CVE-2026-42199?

The Grid data structure by Becheran is susceptible to an integer overflow issue in the expand_rows() function. This flaw, found in versions from 0.17.0 to before 1.0.1, can lead to a disruption of the internal relationships between logical dimensions and storage. When this invariant is violated, the safe API method get() could be forced to call get_unchecked() with an invalid index. This scenario results in Undefined Behavior, possibly compromising application stability and security. Users are advised to upgrade to version 1.0.1 to mitigate this risk.

Affected Version(s)

grid >= 0.17.0, < 1.0.1

References

https://github.com/becheran/grid/security/advisories/GHSA...
x_refsource_CONFIRM
https://github.com/becheran/grid/commit/be213bd3528727148...
x_refsource_MISC
https://github.com/becheran/grid/releases/tag/v1.0.1
x_refsource_MISC

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.