CNNVD-202508-976 Information

CNNVD ID

CNNVD-202508-976

Related CVE

CVE-2025-55159

• CNNVD Published: 2025-08-11

Description (Chinese)

Slab是Tokio开源的一个Rust的应用程序。 slab 0.4.10版本存在缓冲区错误漏洞，该漏洞源于get_disjoint_mut方法错误检查索引范围，可能导致访问未初始化内存。

Description (English)

Slab is a Rust application from Tokio Open Source. Version 0.4.10 of slab has an error loophole in the buffer zone, which stems from an error-checking index range of Get disjoint mut methods, which may lead to access to uninitialized memory.

Hazard Level

High

Vulnerability Type

缓冲区错误

Affected Vendor

Tokio

Published

2025-08-11

Last Modified

2026-02-24

References

https://github.com/tokio-rs/slab/pull/152 https://github.com/tokio-rs/slab/commit/2d65c514bc964b192bab212ddf3c1fcea4ae96b8 https://github.com/tokio-rs/slab/security/advisories/GHSA-qx2v-8332-m4fv https://vigilance.fr/vulnerability/slab-out-of-bounds-memory-reading-via-get-disjoint-mut-48046

Patch

https://github.com/tokio-rs/slab/releases