CVE-2025-55159
MEDIUM
slab 0.4.10 - Memory Corruption via get_disjoint_mut Bounds Check Bypass
Title source: llm
Description
slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked whether indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has been fixed in slab 0.4.11. A workaround is to avoid using get_disjoint_mut with indices that might be beyond the slab's actual length.
References (3)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/tokio-rs/slab/security/advisories/GHSA-qx2v-8332-m4fv
Issue Tracking x_refsource_misc
https://github.com/tokio-rs/slab/pull/152
Patch x_refsource_misc
https://github.com/tokio-rs/slab/commit/2d65c514bc964b192bab212ddf3c1fcea4ae96b8
Scores
CVSS v4
5.1
EPSS
0.0016
EPSS Percentile
5.0%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-119
Status
published
Products (2)
crates.io/slab
0.4.10 - 0.4.11
crates.io
tokio-rs/slab
>= 0.4.10, < 0.4.11
Published
Aug 11, 2025
Tracked Since
Feb 18, 2026