Skip to content

RUSTSEC-2025-0047: Out-of-bounds access in get_disjoint_mut due to incorrect bounds check #804

New issue
New issue
Closed
#828
Closed
RUSTSEC-2025-0047: Out-of-bounds access in get_disjoint_mut due to incorrect bounds check#804
#828
Labels
lifecycle/confirmedBug is verified or proposal seems reasonable
Milestone
v0.9.0
@github-actions

Description

@github-actions
github-actions
bot
opened on Aug 18, 2025

Out-of-bounds access in get_disjoint_mut due to incorrect bounds check

Details
Package slab
Version 0.4.10
URL GHSA-qx2v-8332-m4fv
Date 2025-08-12
Patched versions >=0.4.11
Unaffected versions <0.4.10

Impact

The get_disjoint_mut method in slab v0.4.10 incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes.

Patches

This has been fixed in slab v0.4.11.

Workarounds

Avoid using get_disjoint_mut with indices that might be beyond the slab's actual length, or upgrade to v0.4.11 or later.

References

See advisory page for additional details.

Metadata

Metadata

Assignees

No one assigned

    Labels

    lifecycle/confirmedBug is verified or proposal seems reasonable

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions