PT-2026-39309 · Pypi · Smallbitvec

Ksj1230 · Published 2026-05-09 · Updated 2026-05-27 · CVE-2026-44983

CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions: smallbitvec (affected versions not specified)

Description: An integer overflow occurs during the internal capacity calculation in the buffer_len(cap) function. When cap is close to usize::MAX, unchecked arithmetic wraps the value around in release builds, producing an undersized heap allocation. The internal metadata then records a larger size than the buffer actually allocated. Consequently, safe API calls such as set, push, and reserve compute indices from this corrupted metadata, resulting in out-of-bounds memory access and a heap buffer overflow.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
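The capacity-to-buffer-length calculation the description refers to, written both the wrapping way and the checked way. This is an added illustration, not code from the smallbitvec crate: the function names and the rounding formula are assumed, and wrapping_add is used so the release-build wrap-around is reproducible in any build.

```rust
/// Bits held by one storage word (64 on 64-bit targets, 32 on 32-bit ones).
const BITS_PER_WORD: usize = usize::BITS as usize;

/// Hypothetical buffer_len: words needed to hold `cap` bits, rounded up,
/// computed with the wrapping semantics plain `+` has in a release build.
/// For `cap` close to `usize::MAX` the sum wraps to a small number and the
/// result is a buffer length far smaller than the capacity it is meant to back.
pub fn buffer_len_unchecked(cap: usize) -> usize {
    cap.wrapping_add(BITS_PER_WORD - 1) / BITS_PER_WORD
}

/// Hardened form: `checked_add` reports the overflow, so the caller can
/// reject the request instead of allocating a buffer that cannot hold `cap`
/// bits and then recording `cap` in its metadata.
pub fn buffer_len_checked(cap: usize) -> Option<usize> {
    cap.checked_add(BITS_PER_WORD - 1).map(|sum| sum / BITS_PER_WORD)
}

/// The invariant the advisory describes being broken: the allocated words
/// must cover at least `cap` bits. Returns true when the unchecked length
/// would leave the recorded capacity larger than the real allocation.
/// (len * BITS_PER_WORD never overflows here: len <= usize::MAX / BITS_PER_WORD.)
pub fn metadata_exceeds_buffer(cap: usize) -> bool {
    buffer_len_unchecked(cap) * BITS_PER_WORD < cap
}

fn main() {
    for cap in [1usize, BITS_PER_WORD + 1, usize::MAX - 10, usize::MAX] {
        println!(
            "cap={cap}: unchecked={} checked={:?} metadata_exceeds_buffer={}",
            buffer_len_unchecked(cap),
            buffer_len_checked(cap),
            metadata_exceeds_buffer(cap)
        );
    }
}
```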

Exploit

Heap Based Buffer Overflow

Integer Overflow


Weakness Enumeration

Related Identifiers

CVE-2026-44983
GHSA-97WC-2HQC-CJGR

Affected Products

Smallbitvec