bytes crate

About this tag
The bytes crate is a foundational Rust library for handling byte buffers, widely used in async runtimes and networking code. A recent vulnerability, CVE-2026-25541, was discovered in the BytesMut::reserve method, where an integer overflow could corrupt internal capacity and lead to out-of-bounds memory access. This affects all versions from 1.2.1 up to but not including 1.11.1, and has been patched in bytes 1.11.1. Users are advised to update their dependencies to avoid undefined behavior in release builds. The issue highlights the importance of memory safety in low-level Rust crates.
  1. Rust Bytes Vulnerability CVE-2026-25541: Memory Safety in BytesMut Reserve

    A subtle integer overflow in a core bytes buffer implementation has quietly rippled through Rust’s async ecosystem: the Bytes crate’s BytesMut::reserve path can corrupt its internal capacity (cap) when an unchecked addition wraps, allowing subsequent operations to create out‑of‑bounds slices and...