CVE-2020-35893

HIGH

Simple-slab < 0.3.3 - Memory Leak

Title source: rule

Description

An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory.

References (1)

[Third Party Advisory] https://rustsec.org/advisories/RUSTSEC-2020-0039.html

Scores

CVSS v3 7.5

EPSS 0.0033

EPSS Percentile 55.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401 CWE-193 CWE-908

Status published

Affected Products (2)

simple-slab_project/simple-slab < 0.3.3

crates.io/simple-slab < 0.3.3crates.io

Timeline

Published Dec 31, 2020

Tracked Since Feb 18, 2026