{"ecosystem":"cargo","package":"slab","version":null,"bugs":[{"id":4545,"ecosystem":"cargo","package_name":"slab","affected_version":"0.4.10","fixed_version":"0.4.11","bug_id":"osv:RUSTSEC-2025-0047","title":"Out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check","description":"## Impact\nThe `get_disjoint_mut` method in slab v0.4.10 incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes.\n\n## Patches\nThis has been fixed in slab v0.4.11.\n\n## Workarounds\nAvoid using `get_disjoint_mut` with indices that might be beyond the slab's actual length, or upgrade to v0.4.11 or later.\n\n## References\n* [https://github.com/tokio-rs/slab/pull/152](https://github.com/tokio-rs/slab/pull/152)","severity":"medium","status":"fixed","source":"osv","source_url":"https://crates.io/crates/slab","labels":["CVE-2025-55159","GHSA-qx2v-8332-m4fv"],"created_at":"2026-04-26 03:01:17.579718+00:00","updated_at":"2026-04-26 03:01:17.579718+00:00"},{"id":4544,"ecosystem":"cargo","package_name":"slab","affected_version":"0.4.10","fixed_version":"0.4.11","bug_id":"osv:GHSA-qx2v-8332-m4fv","title":"slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check","description":"### Impact\n\nThe `get_disjoint_mut` method in slab v0.4.10 incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes.\n\n### Patches\n\nThis has been fixed in slab v0.4.11.\n\n### Workarounds\n\nAvoid using `get_disjoint_mut` with indices that might be beyond the slab's actual length, or upgrade to v0.4.11 or later.\n\n### References\n\n- [https://github.com/tokio-rs/slab/pull/152](https://github.com/tokio-rs/slab/pull/152)","severity":"medium","status":"fixed","source":"osv","source_url":"https://github.com/tokio-rs/slab/security/advisories/GHSA-qx2v-8332-m4fv","labels":["CVE-2025-55159","RUSTSEC-2025-0047"],"created_at":"2026-04-26 03:01:17.568610+00:00","updated_at":"2026-04-26 03:01:17.568610+00:00"}],"total":2,"_cache":"hit"}