ghsa-qx2v-8332-m4fv
Vulnerability from github
Published: 2025-08-11 22:45
Modified: 2025-08-12 13:17
Summary
slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check
Details

Impact

The `get_disjoint_mut` method in slab v0.4.10 incorrectly checked whether indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes.

Patches

This has been fixed in slab v0.4.11.

Workarounds

Avoid using `get_disjoint_mut` with indices that might be beyond the slab's actual length, or upgrade to v0.4.11 or later.
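The Impact and Workarounds sections above turn on one distinction: a slab's allocated capacity versus the number of entries it has actually initialised. The following is an added example, not code from the slab crate or its advisory: a small slab-like container that models that distinction in safe Rust. `MiniSlab`, `slots()`, `DisjointError` and `get_pair_mut` are names chosen here; the real crate's `get_disjoint_mut` is generic over N keys, whereas this model handles exactly two keys so the pair of disjoint `&mut` borrows can be built with `split_at_mut` without unsafe code. The assumption being modelled is that the advisory's "length" is the count of initialised slots (occupied or vacant), while "capacity" is what the backing `Vec` has reserved.

```rust
// Added example (not the slab crate's code). Models the bounds check at the
// heart of this advisory: keys must be compared against the initialised
// length, not the reserved capacity.

#[derive(Debug)]
enum Entry<T> {
    Vacant,
    Occupied(T),
}

#[derive(Debug, PartialEq, Eq)]
pub enum DisjointError {
    /// A key points past the initialised slots (the advisory's case).
    OutOfBounds,
    /// A key points at an initialised slot that holds no value.
    Vacant,
    /// The same key was given twice, so two `&mut` would alias.
    Overlapping,
}

pub struct MiniSlab<T> {
    entries: Vec<Entry<T>>,
}

impl<T> MiniSlab<T> {
    pub fn with_capacity(cap: usize) -> Self {
        MiniSlab { entries: Vec::with_capacity(cap) }
    }

    /// Number of initialised slots (occupied or vacant); the "length" here.
    pub fn slots(&self) -> usize {
        self.entries.len()
    }

    /// Reserved capacity; slots at index >= slots() are not initialised.
    pub fn capacity(&self) -> usize {
        self.entries.capacity()
    }

    /// Reuse the first vacant slot, otherwise append a new one.
    pub fn insert(&mut self, value: T) -> usize {
        if let Some(i) = self.entries.iter().position(|e| matches!(e, Entry::Vacant)) {
            self.entries[i] = Entry::Occupied(value);
            i
        } else {
            self.entries.push(Entry::Occupied(value));
            self.entries.len() - 1
        }
    }

    pub fn remove(&mut self, key: usize) -> Option<T> {
        if key >= self.entries.len() {
            return None;
        }
        match std::mem::replace(&mut self.entries[key], Entry::Vacant) {
            Entry::Occupied(v) => Some(v),
            Entry::Vacant => None,
        }
    }

    /// True only for an initialised slot that currently holds a value.
    pub fn contains(&self, key: usize) -> bool {
        matches!(self.entries.get(key), Some(Entry::Occupied(_)))
    }

    /// The v0.4.10 mistake as a pure predicate: comparing against capacity
    /// lets keys in the range [slots(), capacity()) through.
    pub fn keys_in_bounds_v0_4_10(&self, keys: &[usize]) -> bool {
        keys.iter().all(|&k| k < self.capacity())
    }

    /// The corrected predicate: compare against the initialised length.
    pub fn keys_in_bounds_fixed(&self, keys: &[usize]) -> bool {
        keys.iter().all(|&k| k < self.slots())
    }

    /// Two disjoint mutable borrows, guarded by the corrected check and by
    /// the occupancy check a caller can also perform as a workaround.
    pub fn get_pair_mut(&mut self, a: usize, b: usize) -> Result<(&mut T, &mut T), DisjointError> {
        if !self.keys_in_bounds_fixed(&[a, b]) {
            return Err(DisjointError::OutOfBounds);
        }
        if a == b {
            return Err(DisjointError::Overlapping);
        }
        if !self.contains(a) || !self.contains(b) {
            return Err(DisjointError::Vacant);
        }
        let (lo, hi) = if a < b { (a, b) } else { (b, a) };
        let (left, right) = self.entries.split_at_mut(hi);
        let (lo_ref, hi_ref) = match (&mut left[lo], &mut right[0]) {
            (Entry::Occupied(x), Entry::Occupied(y)) => (x, y),
            _ => unreachable!("contains() verified both keys"),
        };
        Ok(if a < b { (lo_ref, hi_ref) } else { (hi_ref, lo_ref) })
    }
}

fn main() {
    let mut s: MiniSlab<u32> = MiniSlab::with_capacity(16);
    s.insert(10);
    s.insert(20);
    // Key 5 is below capacity but above the initialised length.
    println!("v0.4.10 check accepts key 5: {}", s.keys_in_bounds_v0_4_10(&[5]));
    println!("fixed check accepts key 5:   {}", s.keys_in_bounds_fixed(&[5]));
    println!("get_pair_mut(0, 5): {:?}", s.get_pair_mut(0, 5).map(|(x, y)| (*x, *y)));
}
```

The workaround in the advisory corresponds to the `contains` pre-check: before handing keys to a disjoint-access method, confirm each one refers to an occupied slot, which by construction is also below the initialised length. Checking against `capacity()` is never a substitute, since a `Vec` may hold reserved but uninitialised space well past its last entry.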

References

- https://github.com/tokio-rs/slab/pull/152


{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "slab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.4.10"
            },
            {
              "fixed": "0.4.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.4.10"
      ]
    }
  ],
  "aliases": [
    "CVE-2025-55159"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-11T22:45:20Z",
    "nvd_published_at": "2025-08-11T23:15:28Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nThe `get_disjoint_mut` method in slab v0.4.10 incorrectly checked if indices were within the slab\u0027s capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes.\n\n### Patches\n\nThis has been fixed in slab v0.4.11.\n\n### Workarounds\n\nAvoid using `get_disjoint_mut` with indices that might be beyond the slab\u0027s actual length, or upgrade to v0.4.11 or later.\n\n### References\n\n- [https://github.com/tokio-rs/slab/pull/152](https://github.com/tokio-rs/slab/pull/152)",
  "id": "GHSA-qx2v-8332-m4fv",
  "modified": "2025-08-12T13:17:01Z",
  "published": "2025-08-11T22:45:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tokio-rs/slab/security/advisories/GHSA-qx2v-8332-m4fv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55159"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tokio-rs/slab/pull/152"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tokio-rs/slab/commit/2d65c514bc964b192bab212ddf3c1fcea4ae96b8"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tokio-rs/slab"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0047.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check"
}