CVE-2020-35893: Off-by-one error in simple-slab

August 25, 2021

An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory.

References

github.com/advisories/GHSA-hqc8-j86x-2764
github.com/nathansizemore/simple-slab
github.com/nathansizemore/simple-slab/commit/5e0524c1db836e2192e1cd818848d96937c0b587
github.com/nathansizemore/simple-slab/issues/2
nvd.nist.gov/vuln/detail/CVE-2020-35893
rustsec.org/advisories/RUSTSEC-2020-0039.html

Code Behaviors & Features

Detect and mitigate CVE-2020-35893 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →