rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add history of slab's OOB issue

Browse Source
This commit is contained in:
Motoyuki Kimura
2025-08-12 15:30:32 +09:00
committed by Dirkjan Ochtman
parent cebfd04415
commit 14405bc0b3
1 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
crates/slab/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,31 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "slab"
aliases = ["CVE-2025-55159", "GHSA-qx2v-8332-m4fv"]
date = "2025-08-12"
url = "https://github.com/tokio-rs/slab/security/advisories/GHSA-qx2v-8332-m4fv"
references = ["https://github.com/tokio-rs/slab/pull/152"]
keywords = ["memory-exposure", "bounds-check"]
[versions]
patched = [">= 0.4.11"]
unaffected = ["< 0.4.10"]
[affected.functions]
"slab::Slab::get_disjoint_mut" = ["= 0.4.10"]
```
# Out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check
## Impact
The `get_disjoint_mut` method in slab v0.4.10 incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes.
## Patches
This has been fixed in slab v0.4.11.
## Workarounds
Avoid using `get_disjoint_mut` with indices that might be beyond the slab's actual length, or upgrade to v0.4.11 or later.
## References
* [https://github.com/tokio-rs/slab/pull/152](https://github.com/tokio-rs/slab/pull/152)