CVE-2026-6654

Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero...

CVE-2026-6654

Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero...

thin-vec 安全漏洞

Thin-vec is a memory-efficient vector container open-sourced by Mozilla. Thin-vec has a security vulnerability, which stems from the double deallocation or reallocation of resources after deallocation in functions IntoIter::drop and ThinVec::clear. This issue may lead to a panic condition when...

GHSA-XPHW-CQX3-667J thin-vec: Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics

Summary A Double Free / Use-After-Free UAF vulnerability has been identified in the IntoIter::drop and ThinVec::clear implementations of the thinvec crate. Both vulnerabilities share the same root cause and can trigger memory corruption using only safe Rust code — no unsafe blocks required...

PT-2026-33753

Name of the Vulnerable Software and Affected Versions thin vec version 0.2.14 Description A Double-Free and Use-After-Free UAF issue exists in the IntoIter::drop and ThinVec::clear functions. The problem occurs when a panic is triggered during sequential element deallocation via the ptr::drop in...

EUVD-2021-1844

Malware in sbrugna...

RUSTSEC-2022-0078 Use-after-free due to a lifetime error in `Vec::into_iter()`

In affected versions of this crate, the lifetime of the iterator produced by Vec::intoiter is not constrained to the lifetime of the Bump that allocated the vector's memory. Using the iterator after the Bump is dropped causes use-after-free accesses. The following example demonstrates memory...

Use after free in heapless

An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed...

CVE-2020-36464

An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed...

Design/Logic Flaw

An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed...

Use-after-free when cloning a partially consumed `Vec` iterator

The IntoIter Clone implementation clones the whole underlying Vec. If the iterator is partially consumed the consumed items will be copied, thus creating a use-after-free access. A proof of concept is available in the original bug report...