Medium severity · OSV Advisory · Published Aug 11, 2025 · Updated Apr 15, 2026
CVE-2025-55159
Description
slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked whether indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has been fixed in slab 0.4.11. As a workaround, avoid calling get_disjoint_mut with indices that might be beyond the slab's actual length.
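The capacity-versus-length distinction described above, as an added Rust sketch that is not slab's source code: `ToySlab` and its methods are hypothetical names that model the storage with a plain `Vec`, and the sample values are constructed. It shows an index between length and capacity passing the flawed check and failing the corrected one, plus a safe two-key accessor guarded by the length check.

```rust
// Toy model added for illustration; not slab's source. All names are hypothetical.
struct ToySlab<T> {
    entries: Vec<T>, // len() = initialized slots, capacity() = allocated slots
}

impl<T> ToySlab<T> {
    fn with_capacity(cap: usize) -> Self {
        ToySlab { entries: Vec::with_capacity(cap) }
    }

    fn insert(&mut self, value: T) -> usize {
        self.entries.push(value);
        self.entries.len() - 1
    }

    /// Flawed bound described in the advisory: slots in len..capacity are
    /// allocated but never initialized, yet this check accepts them.
    fn passes_capacity_check(&self, keys: &[usize]) -> bool {
        keys.iter().all(|&k| k < self.entries.capacity())
    }

    /// Corrected bound: only initialized slots are in range.
    fn passes_len_check(&self, keys: &[usize]) -> bool {
        keys.iter().all(|&k| k < self.entries.len())
    }

    /// Safe two-key disjoint access guarded by the length check.
    fn get2_mut(&mut self, a: usize, b: usize) -> Option<(&mut T, &mut T)> {
        if a == b || !self.passes_len_check(&[a, b]) {
            return None;
        }
        let (lo, hi) = if a < b { (a, b) } else { (b, a) };
        let (left, right) = self.entries.split_at_mut(hi);
        let (x, y) = (&mut left[lo], &mut right[0]);
        Some(if a < b { (x, y) } else { (y, x) })
    }
}

fn main() {
    let mut slab = ToySlab::with_capacity(8); // constructed sample: 8 slots allocated
    slab.insert(10u32);
    slab.insert(20u32); // only keys 0 and 1 are initialized
    println!("capacity check accepts [0, 5]: {}", slab.passes_capacity_check(&[0, 5]));
    println!("length check accepts [0, 5]:   {}", slab.passes_len_check(&[0, 5]));
    println!("guarded access to (0, 5): {:?}", slab.get2_mut(0, 5));
    println!("guarded access to (1, 0): {:?}", slab.get2_mut(1, 0));
}
```

The same length guard can be applied at call sites as the workaround on 0.4.10: reject any index that is not below the slab's length before requesting disjoint mutable references.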
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| slab (crates.io) | >= 0.4.10, < 0.4.11 | 0.4.11 |
Affected products
References
- github.com/advisories/GHSA-qx2v-8332-m4fv (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-55159 (ghsa, ADVISORY)
- github.com/tokio-rs/slab/commit/2d65c514bc964b192bab212ddf3c1fcea4ae96b8 (nvd, WEB)
- github.com/tokio-rs/slab/pull/152 (nvd, WEB)
- github.com/tokio-rs/slab/security/advisories/GHSA-qx2v-8332-m4fv (nvd, WEB)
- rustsec.org/advisories/RUSTSEC-2025-0047.html (ghsa, WEB)