Lucene search
+L

4 matches found

ibm
ibm
added 2026/05/14 2:59 p.m.10 views

Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of thin-vec (CVE-2026-6654)

Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.1 and 1.92.0.1 uses the thin-vec-0.2.14 crate, which is vulnerable to a double free error. Vulnerability Details CVEID:CVE-2026-6654 DESCRIPTION: Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear...

7.3CVSS5.8AI score0.00168EPSS
Exploits1Affected Software1
osv
osv
added 2026/04/20 11:16 a.m.6 views

UBUNTU-CVE-2026-6654

Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero...

7.3CVSS5.8AI score0.00168EPSS
Exploits1References3
debiancve
debiancve
added 2026/04/20 10:5 a.m.4 views

CVE-2026-6654

Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero...

7.3CVSS5.2AI score0.00168EPSS
Exploits1
github
github
added 2026/04/15 7:24 p.m.8 views

thin-vec: Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics

Summary A Double Free / Use-After-Free UAF vulnerability has been identified in the IntoIter::drop and ThinVec::clear implementations of the thinvec crate. Both vulnerabilities share the same root cause and can trigger memory corruption using only safe Rust code — no unsafe blocks required...

7.3CVSS6.1AI score0.00168EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder