This package has limited bug data (2 entries). Check back later or see the package health page for the full signal.
slab known bugs
cargo2 known bugs in slab, with affected versions, fixes and workarounds. Sourced from upstream issue trackers.
2
bugs
Known bugs
| Severity | Affected | Fixed in | Title | Status | Source |
|---|---|---|---|---|---|
| medium | 0.4.10 | 0.4.11 | Out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check ## Impact
The `get_disjoint_mut` method in slab v0.4.10 incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes.
## Patches
This has been fixed in slab v0.4.11.
## Workarounds
Avoid using `get_disjoint_mut` with indices that might be beyond the slab's actual length, or upgrade to v0.4.11 or later.
## References
* [https://github.com/tokio-rs/slab/pull/152](https://github.com/tokio-rs/slab/pull/152) | fixed | osv:RUSTSEC-2025-0047 |
| medium | 0.4.10 | 0.4.11 | slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check ### Impact
The `get_disjoint_mut` method in slab v0.4.10 incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes.
### Patches
This has been fixed in slab v0.4.11.
### Workarounds
Avoid using `get_disjoint_mut` with indices that might be beyond the slab's actual length, or upgrade to v0.4.11 or later.
### References
- [https://github.com/tokio-rs/slab/pull/152](https://github.com/tokio-rs/slab/pull/152) | fixed | osv:GHSA-qx2v-8332-m4fv |
API access
Get this data programmatically \u2014 free, no authentication.
curl https://depscope.dev/api/bugs/cargo/slab