CVE-2025-55159

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-55159
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55159.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-55159
Aliases
Downstream
Related
Published
2025-08-11T23:15:28Z
Modified
2025-08-12T15:58:54.846445Z
Summary
[none]
Details

slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked whether indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has been fixed in slab 0.4.11. A workaround for this issue is to avoid using get_disjoint_mut with indices that might be beyond the slab's actual length.
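The capacity-versus-length distinction behind this bug, as an added example that is not slab's source code: a simplified Vec-backed model in which `Slot`, `PairError`, `get_pair_mut` and the other names are hypothetical. It shows a key that passes a capacity-based check but fails the length-based one, and a two-key disjoint borrow built on the length bound.

```rust
// Added illustration: a simplified model, not the slab crate's implementation.
#[derive(Debug, PartialEq)]
pub enum PairError { OutOfBounds, Vacant, Overlapping }

// Hypothetical stand-in for a slab slot: Some = occupied, None = vacant.
pub type Slot<T> = Option<T>;

/// The flawed bound described in the advisory: capacity counts every
/// allocated slot, including ones that were never initialized.
pub fn in_bounds_by_capacity<T>(slots: &Vec<Slot<T>>, key: usize) -> bool {
    key < slots.capacity()
}

/// The corrected bound: only slots below len() hold initialized data.
pub fn in_bounds_by_len<T>(slots: &Vec<Slot<T>>, key: usize) -> bool {
    key < slots.len()
}

/// Safe two-key disjoint mutable borrow using the length-based bound.
pub fn get_pair_mut<T>(slots: &mut Vec<Slot<T>>, a: usize, b: usize)
    -> Result<(&mut T, &mut T), PairError>
{
    if a == b { return Err(PairError::Overlapping); }
    if !in_bounds_by_len(slots, a) || !in_bounds_by_len(slots, b) {
        return Err(PairError::OutOfBounds);
    }
    let (lo, hi) = if a < b { (a, b) } else { (b, a) };
    // Split so the two slots live in separate, non-aliasing slices.
    let (left, right) = slots.split_at_mut(hi);
    let (x, y) = match (left[lo].as_mut(), right[0].as_mut()) {
        (Some(x), Some(y)) => (x, y),
        _ => return Err(PairError::Vacant),
    };
    Ok(if a < b { (x, y) } else { (y, x) })
}

/// Constructed sample: 8 slots allocated, 3 initialized, key 1 vacant.
pub fn sample() -> Vec<Slot<u32>> {
    let mut v = Vec::with_capacity(8);
    v.extend([Some(10), None, Some(30)]);
    v
}

fn main() {
    let mut s = sample();
    println!("key 5: by capacity = {}, by length = {}",
             in_bounds_by_capacity(&s, 5), in_bounds_by_len(&s, 5));
    println!("pair (0, 5): {:?}", get_pair_mut(&mut s, 0, 5));
}
```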

References

Affected packages

Debian:11 / rust-slab

Package

Name
rust-slab
Purl
pkg:deb/debian/rust-slab?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.4.1-1
0.4.4-1
0.4.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / rust-slab

Package

Name
rust-slab
Purl
pkg:deb/debian/rust-slab?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.4.4-1
0.4.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rust-slab

Package

Name
rust-slab
Purl
pkg:deb/debian/rust-slab?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.4.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / rust-slab

Package

Name
rust-slab
Purl
pkg:deb/debian/rust-slab?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.4.9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/tokio-rs/slab

Affected ranges

Type
GIT
Repo
https://github.com/tokio-rs/slab
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.2.0
v0.3.0
v0.4.0
v0.4.1
v0.4.10
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9