CNNVD-202602-545 Information
Feb 04, 2026
cve
CNNVD ID
CNNVD-202602-545
Related CVE
- CNNVD Published: 2026-02-04
Description (Chinese)
Bytes是Tokio开源的一个用于处理字节流的工具。 Bytes 1.2.1版本至1.11.1之前版本存在安全漏洞,该漏洞源于BytesMut::reserve存在整数溢出,可能导致越界切片。
Description (English)
Bytes is an open-source tool for tokio bytes. There is a security loophole in Bytes 1.2.1 to 1.11.1, which stems from the integer spill of BytesMut:reserve, which could lead to cross-border slices.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Tokio
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/tokio-rs/bytes/commit/d0293b0e35838123c51ca5dfdf468ecafee4398f https://github.com/tokio-rs/bytes/releases/tag/v1.11.1 https://github.com/tokio-rs/bytes/security/advisories/GHSA-434x-w66g-qw3r https://rustsec.org/advisories/RUSTSEC-2026-0007.html
Patch
https://github.com/tokio-rs/bytes/releases
Share on: