CVE-2025-55159: slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check
(updated )
The get_disjoint_mut method in slab v0.4.10 incorrectly checked if indices were within the slab’s capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes.
References
- github.com/advisories/GHSA-qx2v-8332-m4fv
- github.com/tokio-rs/slab
- github.com/tokio-rs/slab/commit/2d65c514bc964b192bab212ddf3c1fcea4ae96b8
- github.com/tokio-rs/slab/pull/152
- github.com/tokio-rs/slab/security/advisories/GHSA-qx2v-8332-m4fv
- nvd.nist.gov/vuln/detail/CVE-2025-55159
- rustsec.org/advisories/RUSTSEC-2025-0047.html
Code Behaviors & Features
Detect and mitigate CVE-2025-55159 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →