[GH-ISSUE #546] RUSTSEC-2025-0047: Out-of-bounds access in get_disjoint_mut due to incorrect bounds check #58

Closed
opened 2026-03-03 13:45:21 +03:00 by kerem · 0 comments
Owner

Originally created by @github-actions[bot] on GitHub (Aug 13, 2025).
Original GitHub issue: https://github.com/gopher64/gopher64/issues/546

Out-of-bounds access in get_disjoint_mut due to incorrect bounds check

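| Details             |                                                                          |
| ------------------- | ------------------------------------------------------------------------ |
| Package             | `slab`                                                                   |
| Version             | `0.4.10`                                                                 |
| URL                 | https://github.com/tokio-rs/slab/security/advisories/GHSA-qx2v-8332-m4fv |
| Date                | 2025-08-12                                                               |
| Patched versions    | `>=0.4.11`                                                               |
| Unaffected versions | `<0.4.10`                                                                |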

Impact

The get_disjoint_mut method in slab v0.4.10 incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes.

Patches

This has been fixed in slab v0.4.11.

Workarounds

Avoid using get_disjoint_mut with indices that might be beyond the slab's actual length, or upgrade to v0.4.11 or later.

References

https://github.com/tokio-rs/slab/pull/152

See advisory page (https://rustsec.org/advisories/RUSTSEC-2025-0047.html) for additional details.

kerem closed this issue 2026-03-03 13:45:21 +03:00
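
The capacity-versus-length distinction behind this advisory, as an added example that is not part of the original issue and is not slab's source code. `ToySlab`, `DisjointError` and the two `passes_*` helpers are hypothetical names; the model stores plain `u64` values in a `Vec` and uses only safe Rust, so the faulty predicate is shown as a boolean rather than as an actual out-of-bounds access.

```rust
// Toy model (hypothetical, not slab's source): a Vec-backed store whose
// capacity (allocated slots) can exceed its len (initialized slots).
#[derive(Debug, PartialEq)]
pub enum DisjointError { OutOfBounds, Overlapping }

pub struct ToySlab { entries: Vec<u64> }

impl ToySlab {
    pub fn with_capacity(cap: usize) -> Self {
        ToySlab { entries: Vec::with_capacity(cap) }
    }
    pub fn insert(&mut self, v: u64) -> usize {
        self.entries.push(v);
        self.entries.len() - 1
    }
    // Faulty predicate of the kind the advisory describes: compares to capacity.
    pub fn passes_capacity_check(&self, keys: &[usize]) -> bool {
        keys.iter().all(|&k| k < self.entries.capacity())
    }
    // Corrected predicate: only initialized slots (k < len) are valid.
    pub fn passes_len_check(&self, keys: &[usize]) -> bool {
        keys.iter().all(|&k| k < self.entries.len())
    }
    // Safe disjoint access: validate against len, reject duplicate keys,
    // then hand out one &mut per key in a single iter_mut pass.
    pub fn get_disjoint_mut<const N: usize>(&mut self, keys: [usize; N])
        -> Result<[&mut u64; N], DisjointError> {
        if !self.passes_len_check(&keys) {
            return Err(DisjointError::OutOfBounds);
        }
        if (0..N).any(|i| keys[..i].contains(&keys[i])) {
            return Err(DisjointError::Overlapping);
        }
        let mut slots: [Option<&mut u64>; N] = std::array::from_fn(|_| None);
        for (idx, entry) in self.entries.iter_mut().enumerate() {
            if let Some(pos) = keys.iter().position(|&k| k == idx) {
                slots[pos] = Some(entry);
            }
        }
        Ok(slots.map(|s| s.expect("key validated against len")))
    }
}

fn main() {
    let mut s = ToySlab::with_capacity(8); // 8 slots allocated
    s.insert(10);
    s.insert(20); // only keys 0 and 1 are initialized
    println!("cap check: {}", s.passes_capacity_check(&[0, 5]));
    println!("len check: {:?}", s.get_disjoint_mut([0, 5]));
}
```

Key 5 lies inside the allocation but past the last initialized entry, so the capacity comparison accepts it while the length comparison rejects it.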