-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| slab | rust | = 0.4.10 | 0.4.11 |
RustRustMiggo AIRoot Cause AnalysisThe vulnerability lies in the get_disjoint_mut function of the slab crate. The patch clearly shows that the bounds check was changed from using the slab's capacity to its length. The original code checked if the provided index key was within the allocated capacity of the slab, not the number of initialized elements. This allowed access to potentially uninitialized memory, leading to undefined behavior. The fix corrects this by checking against the slab's length, ensuring that only initialized elements can be accessed. The added test case in tests/slab.rs further confirms this by specifically testing for the out-of-bounds condition that was previously not handled correctly.
Ongoing coverage of React2Shell