RUSTSEC-2025-0047: Out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check

[github-actions]

Details
Package	slab
Version	0.4.10
URL	GHSA-qx2v-8332-m4fv
Patched Versions	>=0.4.11
Unaffected Versions	<0.4.10
Aliases	CVE-2025-55159, GHSA-qx2v-8332-m4fv

Impact

The get_disjoint_mut method in slab v0.4.10 incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes.

Patches

This has been fixed in slab v0.4.11.

Workarounds

Avoid using get_disjoint_mut with indices that might be beyond the slab's actual length, or upgrade to v0.4.11 or later.

References

• Fix get_disjoint_mut error condition tokio-rs/slab#152

[tac0turtle]

@claude can you fix this in our repo

[claude]

Claude finished @tac0turtle's task —— View job • claude/issue-2563-20250812-1037 • Create PR ➔

---

Fixing RUSTSEC-2025-0047 Security Vulnerability ✅

I've successfully fixed the security vulnerability in the slab crate (RUSTSEC-2025-0047).

Todo List:

• Search the codebase for Rust dependencies and slab crate usage
• Update the vulnerable dependency to v0.4.11+
• Commit and push changes

What I Fixed:

The vulnerability was in slab v0.4.10 where the get_disjoint_mut method incorrectly checked indices against capacity instead of length, allowing out-of-bounds access to uninitialized memory.

Changes Made:

1. Added security override: Added slab = "0.4.11" to workspace dependencies in /Cargo.toml
2. Updated lock file: Updated Cargo.lock to use the secure version (v0.4.11)
3. Verified fix: The slab crate is now using v0.4.11 which contains the security patch

Security Impact:

• Before: Using vulnerable slab v0.4.10 with potential out-of-bounds memory access
• After: Using patched slab v0.4.11 with proper bounds checking

[tac0turtle]

closed by #2568