
CVE-2026-44983: smallbitvec: Integer overflow in safe API leads to heap buffer overflow


CVSS score: 7.3 (HIGH) · CISA KEV: No · Impact type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2026-44983
Vendor: rust
Affected product: smallbitvec
Vulnerability type: Vulnerability
CVSS score: 7.3 (HIGH)
Actively exploited: No known exploitation
Patch status: See vendor advisory
Reported by: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

Summary

An integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows memory corruption without requiring unsafe code from the caller.

Details

The issue originates from unchecked arithmetic in the internal helper function responsible for computing the required buffer size: `(cap + bits_per_storage() - 1) / bits_per_storage()`. When `cap` is close to `usize::MAX`, the addition `cap + bits_per_storage() - 1` can overflow in release builds and wrap around, because Rust disables integer overflow checks in optimized builds by default and arithmetic then wraps silently. As a result:

• `buffer_len(cap)` may return a value significantly smaller than required.
• The backing storage
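To make the capacity arithmetic concrete, the following is an added example and not smallbitvec's own code: it models the wrapping computation described above beside an overflow-checked version. The helper names and the assumption that one storage word is a `usize` are mine.

```rust
// Added example modelling the capacity computation in the advisory.
// Not smallbitvec's code: helper names and the usize storage word are assumptions.
use std::alloc::Layout;

// Assumed: one storage word is a usize, so this many bits per word.
const fn bits_per_storage() -> usize {
    usize::BITS as usize
}

/// The vulnerable shape: ceil(cap / bits) via `(cap + bits - 1) / bits`.
/// Plain `+` wraps silently in release builds; `wrapping_add` is used here
/// so the wrap reproduces in debug builds as well.
fn buffer_len_unchecked(cap: usize) -> usize {
    cap.wrapping_add(bits_per_storage() - 1) / bits_per_storage()
}

/// Hardened shape: fail on overflow instead of wrapping, then let the
/// allocator's own Layout rules vet the resulting byte size as well.
fn buffer_len_checked(cap: usize) -> Option<usize> {
    let bits = bits_per_storage();
    let words = cap.checked_add(bits - 1)? / bits;
    let _layout = Layout::array::<usize>(words).ok()?;
    Some(words)
}

/// Wide (u128) arithmetic to show how many words were actually needed.
fn required_words(cap: usize) -> u128 {
    let bits = bits_per_storage() as u128;
    (cap as u128 + bits - 1) / bits
}

fn main() {
    // Constructed request near usize::MAX, the case the advisory describes.
    let cap = usize::MAX - 10;
    println!("cap = {cap}");
    println!("words actually required : {}", required_words(cap));
    println!("unchecked buffer_len     : {}", buffer_len_unchecked(cap));
    println!("checked buffer_len       : {:?}", buffer_len_checked(cap));
    let small = 2 * bits_per_storage() + 1;
    println!("small cap {small}: {:?} words", buffer_len_checked(small));
}
```

For the near-`usize::MAX` request the unchecked helper returns 0 words while the true requirement is enormous, which is exactly the undersized allocation the advisory warns about; the checked helper returns `None` instead.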
