PT-2020-17524 · Rust · Simple-Slab

Published

2020-09-03

Updated

2021-08-25

CVE-2020-35892

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions simple-slab crate versions prior to 0.3.3

Description The issue is related to the Slab::index() function not performing boundary checking, leading to out-of-bounds read access. Additionally, the Slab::remove() function has an off-by-one error, causing memory leakage and a drop of uninitialized memory.

Recommendations For simple-slab crate versions prior to 0.3.3, update to version 0.3.3 or later to resolve the issue. As a temporary workaround, consider disabling the Slab::index() and Slab::remove() functions until a patch is available. Restrict access to the simple-slab crate to minimize the risk of exploitation.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-193

Related Identifiers

CVE-2020-35892

GHSA-438G-FX34-4H9M

GHSA-HQC8-J86X-2764

RUSTSEC-2020-0039

Affected Products

Simple-Slab

PT-2020-17524 · Rust · Simple-Slab

CVE-2020-35892

Weakness Enumeration

Related Identifiers

Affected Products

References · 11