CVE-2020-35893

Name of the Vulnerable Software and Affected Versions simple-slab crate versions prior to 0.3.3

Description The issue concerns the simple-slab crate for Rust, where two main problems have been identified. Firstly, the remove() function has an off-by-one error, leading to memory leakage and the dropping of uninitialized memory. Secondly, the index() function allows for out-of-bounds read access due to a lack of boundary checking. This can result in accessing memory outside the intended boundaries, potentially causing issues.

Recommendations For versions prior to 0.3.3, update to version 0.3.3 or later to resolve the issue. As a temporary workaround, consider disabling the remove() and index() functions until a patch is available. Restrict access to the Slab module to minimize the risk of exploitation. Avoid using the Slab::index() and Slab::remove() functions in critical operations until the issue is resolved.