CVE-2026-6654

Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero...

CVE-2026-6654

The CVE-2026-6654 issue affects the thin_vec crate, specifically the IntoIter::drop and ThinVec::clear paths. The vulnerability arises from a Double-Free / Use-After-Free (UAF) when element drops panic, causing a panic in ptr::drop_in_place that fails to zero the length. This is documented across...

thin-vec 安全漏洞

Thin-vec is a memory-efficient vector container open-sourced by Mozilla. Thin-vec has a security vulnerability, which stems from the double deallocation or reallocation of resources after deallocation in functions IntoIter::drop and ThinVec::clear. This issue may lead to a panic condition when...

Linux Distros Unpatched Vulnerability : CVE-2026-6654

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length t...

thin-vec: Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics

Summary A Double Free / Use-After-Free UAF vulnerability has been identified in the IntoIter::drop and ThinVec::clear implementations of the thinvec crate. Both vulnerabilities share the same root cause and can trigger memory corruption using only safe Rust code — no unsafe blocks required...

GHSA-XPHW-CQX3-667J thin-vec: Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics

Summary A Double Free / Use-After-Free UAF vulnerability has been identified in the IntoIter::drop and ThinVec::clear implementations of the thinvec crate. Both vulnerabilities share the same root cause and can trigger memory corruption using only safe Rust code — no unsafe blocks required...

Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics

A Double Free / Use-After-Free UAF vulnerability has been identified in the IntoIter::drop and ThinVec::clear implementations of the thin-vec crate. Both vulnerabilities share the same root cause and can trigger memory corruption using only safe Rust code - no unsafe blocks required. Undefined...

RUSTSEC-2026-0103 Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics

A Double Free / Use-After-Free UAF vulnerability has been identified in the IntoIter::drop and ThinVec::clear implementations of the thin-vec crate. Both vulnerabilities share the same root cause and can trigger memory corruption using only safe Rust code - no unsafe blocks required. Undefined...

CVE-2022-0636

A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992770)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992770 advisory. In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dmsmregisterthresholdcallback Fault inject on pool metadata...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992428)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992428 advisory. In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dmsmregisterthresholdcallback Fault inject on pool metadata...

net.snowflake:snowflake-jdbc-thin (=4.0.0), org.apache.hadoop:hadoop-aws (=3.4.2) +6 more potentially affected by CVE-2025-14763 via software.amazon.encryption.s3:amazon-s3-encryption-client-java (>=3.1.1 <=3.5.0)

software.amazon.encryption.s3:amazon-s3-encryption-client-java MAVEN version =3.1.1, =2.7.0, =2.7.0, =2.7.0, =2.7.0, =2.7.0, =2.7.0, =2.7.2 Source cves: CVE-2025-14763 Source advisory: SNYK:JAVA-SOFTWAREAMAZONENCRYPTIONS3-14465279...

EUVD-2025-117028

Malicious code in thin-teal-lion npm...

EUVD-2025-117029

Malicious code in thin-copper-leopard npm...

EUVD-2025-117030

Malicious code in thin-blue-guan npm...

Malicious code in thin-blue-guan (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18545b51bbc892f47f3801016388c75c7f3eab05df8f12b9b06bb5d5286a241c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-71326

Malicious code in thinnarwhalz3n npm...

Malicious code in thin_blackbird_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e9077ac7e2ddc2d88dc97150d02365c773a67e76460e09fa472d51546de687f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-98964 Malicious code in thin_narwhal_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f372ce44e56727d3abbfa7de59e16b662d7c4b60db80ec1cfa1e52c68555a1a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in thin-amber-bird (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0833edff1dc7b446c54e45b19063371e621d8382d3f166333b43a22fe5ed20db This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...