HistoryEditJSON (OSV)

RUSTSEC-2020-0039

index() allows out-of-bound read and remove() has off-by-one error

Reported
Issued
Package
simple-slab (crates.io)
Type
Vulnerability
Aliases
References
Patched
  • >=0.3.3

Description

Slab::index() does not perform the boundary checking, which leads to out-of-bound read access. Slab::remove() copies an element from an invalid address due to off-by-one error, resulting in memory leakage and uninitialized memory drop.

Advisory available under CC0-1.0 license.