HistoryEdit

RUSTSEC-2020-0039

index() allows out-of-bound read and remove() has off-by-one error

Issued
Package
simple-slab (crates.io)
Type
Vulnerability
Aliases
Details
https://github.com/nathansizemore/simple-slab/issues/2
Patched
  • >=0.3.3

Description

Slab::index() does not perform the boundary checking, which leads to out-of-bound read access. Slab::remove() copies an element from an invalid address due to off-by-one error, resulting in memory leakage and uninitialized memory drop.