7 matches found
CVE-2026-6654 Use-After-Free and Double-Free in IntoIter::drop when element drop panics
Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero...
CVE-2026-6654 Use-After-Free and Double-Free in IntoIter::drop when element drop panics
Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero...
GHSA-XPHW-CQX3-667J thin-vec: Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics
Summary A Double Free / Use-After-Free UAF vulnerability has been identified in the IntoIter::drop and ThinVec::clear implementations of the thinvec crate. Both vulnerabilities share the same root cause and can trigger memory corruption using only safe Rust code — no unsafe blocks required...
CVE-2026-27195 Wasmtime is vulnerable to panic when dropping a `[Typed]Func::call_async` future
Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39.0.0, the component-model-async feature became the default, which brought with it a new implementation of TypedFunc::callasync which made it capable of calling async-typed guest export functions. However, that implementation had a bu...
CVE-2021-28035
An issue was discovered in the stackdst crate before 0.6.1 for Rust. Because of the pushinner behavior, a drop of uninitialized memory can occur upon a val.clone panic...
CVE-2021-25902
An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, maparray can perform a double drop...
rust: double free in Vec::from_iter function if freeing the element panics
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::fromiter function if freeing the element panics...