A heap-buffer-overflow vulnerability exists in the Rust wrapper for libnftnl, triggered via the nftnl::Batch::with page size constructor. When a small or malformed page size is provided, the underlying C code allocates an insufficient buffer, leading to out-of-bounds writes during batch initialization.

The flaw was fixed in commit 94a286f by adding an overflow check:

batch page size
  .checked add(crate::nft nlmsg maxsize())
  .expect("batch page size is too large and would overflow");

Upgrade to version 0.9.0 or later, which aborts instead.