CVE-2025-55159

EUVD-2025-24190

11.08.2025, 23:15

slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has been fixed in slab 0.4.11. A workaround for this issue involves to avoid using get_disjoint_mut with indices that might be beyond the slab's actual length.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Debian Releases

Debian Product

Codename

rust-slab

bookworm	0.4.4-1 fixed
bullseye	0.4.1-1 fixed
forky	0.4.9-1 fixed
sid	0.4.9-1 fixed
trixie	0.4.9-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

rust-slab

focal	needs-triage
jammy	needs-triage
noble	needs-triage
plucky	ignored
questing	needs-triage

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

https://github.com/tokio-rs/slab/commit/2d65c514bc964b192bab212ddf3c1fcea4ae96b8

https://github.com/tokio-rs/slab/pull/152

https://github.com/tokio-rs/slab/security/advisories/GHSA-qx2v-8332-m4fv