Memory Access Vulnerability in Slab Library by Tokio
CVE-2025-55159
Currently unrated
What is CVE-2025-55159?
In version 0.4.10 of the Slab library, the 'get_disjoint_mut' method checked whether indices were within the slab's capacity rather than its actual length. This oversight can lead to access to uninitialized memory, resulting in unpredictable behavior or application crashes. Users are advised to update to version 0.4.11, which rectifies this issue. As a temporary workaround, avoid calling 'get_disjoint_mut' with indices that exceed the slab's length.
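The difference between the two bounds, and a caller-side guard in the spirit of the workaround, as an added example that is not code from the Slab project. It assumes a plain std Vec as a stand-in for the slab's storage; within_capacity, check_disjoint_keys, KeyError and sample_storage are hypothetical names, and the duplicate-key check is an extra assumption suggested by the method's name.

```rust
// Added illustration, std only: a Vec stands in for the slab's backing storage.
#[derive(Debug, PartialEq)]
enum KeyError {
    OutOfBounds(usize),
    Overlapping(usize),
}

// The kind of check the advisory describes as flawed: the bound is the capacity,
// so keys that point at reserved but uninitialized slots are accepted.
fn within_capacity(key: usize, capacity: usize) -> bool {
    key < capacity
}

// Hypothetical caller-side guard: every key must be below the initialized
// length, and no key may appear twice.
fn check_disjoint_keys(keys: &[usize], len: usize) -> Result<(), KeyError> {
    for (i, &key) in keys.iter().enumerate() {
        if key >= len {
            return Err(KeyError::OutOfBounds(key));
        }
        if keys[..i].contains(&key) {
            return Err(KeyError::Overlapping(key));
        }
    }
    Ok(())
}

// Constructed storage: room reserved for 8 values, only 3 initialized.
fn sample_storage() -> Vec<u32> {
    let mut v = Vec::with_capacity(8);
    v.extend([10, 20, 30]);
    v
}

fn main() {
    let v = sample_storage();
    for keys in [[0usize, 2], [1, 5], [1, 1]] {
        println!(
            "keys {:?}: capacity check passes = {}, length check = {:?}",
            keys,
            keys.iter().all(|&k| within_capacity(k, v.capacity())),
            check_disjoint_keys(&keys, v.len())
        );
    }
}
```

Key 5 is accepted by the capacity bound but rejected by the length bound, which is the gap the advisory describes.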