CVE-2026-25541
CVE-2026-25541 affects the Bytes Rust crate for versions 1.2.1 through 1.11.0. The issue is an integer overflow in BytesMut::reserve during the unique reclaim path, where an unchecked addition can make v_capacity >= new_cap + offset pass in release builds, causing self.cap to exceed allocated ...