RUSTSEC-2025-0047

Out-of-bounds access in get_disjoint_mut due to incorrect bounds check

Reported

August 12, 2025

Issued

August 12, 2025

Package

slab (crates.io)

Type

Vulnerability

Keywords

#memory-exposure #bounds-check

Aliases

CVE-2025-55159
GHSA-qx2v-8332-m4fv

References

https://github.com/tokio-rs/slab/security/advisories/GHSA-qx2v-8332-m4fv
https://github.com/tokio-rs/slab/pull/152

Patched

>=0.4.11

Unaffected

<0.4.10

Affected Functions

Version

slab::Slab::get_disjoint_mut

=0.4.10

Description

Impact

The get_disjoint_mut method in slab v0.4.10 incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes.

Patches

This has been fixed in slab v0.4.11.

Workarounds

Avoid using get_disjoint_mut with indices that might be beyond the slab's actual length, or upgrade to v0.4.11 or later.

References

https://github.com/tokio-rs/slab/pull/152

Advisory available under CC0-1.0 license.