CVE-2025-55159 – slab

Package

Manager: cargo
Name: slab
Vulnerable Version: =0.4.10 || >=0.4.10 <0.4.11

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00017 pctl0.02744

Details

slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check ### Impact The `get_disjoint_mut` method in slab v0.4.10 incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. ### Patches This has been fixed in slab v0.4.11. ### Workarounds Avoid using `get_disjoint_mut` with indices that might be beyond the slab's actual length, or upgrade to v0.4.11 or later. ### References - [https://github.com/tokio-rs/slab/pull/152](https://github.com/tokio-rs/slab/pull/152)

Metadata

Created: 2025-08-11T22:45:20Z
Modified: 2025-08-12T13:17:01Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-qx2v-8332-m4fv/GHSA-qx2v-8332-m4fv.json
CWE IDs: ["CWE-119"]
Alternative ID: GHSA-qx2v-8332-m4fv
Finding: F316
Auto approve: 1