CVE-2026-25541

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Bytes versions 1.2.1 through 1.11.0

Description The Bytes library contains a flaw in the BytesMut::reserve function that can lead to an integer overflow. Specifically, an unchecked addition within the reclaim path of BytesMut::reserve can cause the allocated capacity to be incorrectly calculated when new cap + offset overflows a usize value in release builds. This can result in the cap value being set to a value exceeding the actual allocated capacity. Subsequent calls to functions like spare capacity mut() may then create out-of-bounds slices, leading to undefined behavior. This issue is observable in release builds, while debug builds trigger a panic due to overflow checks.

Recommendations Update to Bytes version 1.11.1 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-680

Related Identifiers

AZL-76691

AZL-76703

AZL-76712

AZL-76715

AZL-76718

AZL-76721

AZL-76752

AZL-78615

CVE-2026-25541

GHSA-434X-W66G-QW3R

RUSTSEC-2026-0007

Affected Products

Bytes

CVE-2026-25541

Weakness Enumeration

Related Identifiers

Affected Products

References · 35