Buffer overflow in Tokio-rs Slab
CVE-2025-55159
slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This cou…
Vulnerability class: Buffer Overflow
EPSS: 0.002 (5.1th percentile)
Affected products
- Tokio-rs Slab — versions >= 0.4.10, < 0.4.11
Weakness classification (CWE)