Lucene search
+L

187 matches found

debiancve
debiancve
added 2026/06/10 8:16 p.m.15 views

CVE-2026-46673

Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth...

7.5CVSS5.7AI score0.00263EPSS
Exploits0
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Net: Atlantic: Fixed an index out of range error in aqvec. The final update statement of the for loop exceeds the array range. The dereference of self-aqveci is not checked, leading to an index out of range error. This issue h...

7.8CVSS6.4AI score0.00169EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in RustC

In the standard library of Rust before version 1.52.0, a double-free error can occur in the Vec::fromiter function if the process of freeing the element causes a panic...

9.8CVSS8.2AI score0.0289EPSS
Exploits1References1
nessus
nessus
added 2026/05/20 12:0 a.m.11 views

Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2026-1676)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1676 advisory. Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero. CVE-2026-6654 Tenable has extract...

7.3CVSS5.8AI score0.00168EPSS
Exploits1References4
snyk
snyk
added 2026/05/19 11:32 a.m.10 views

Malicious Package

Overview chai-as-vec is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
ossf
ossf
added 2026/05/19 11:32 a.m.15 views

Malicious code in chai-as-vec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc2944243ad1e093008da195dce566e63cce55ebe7fe0f5eb98ad71ffaddb81d The package chai-as-vec was found to contain malicious code. Source: ghsa-malware 881a1aaf4a8b84da34d86f9eae83889cf848ee573bc5b1b0323a75edf9789e86 An...

5.8AI score
Exploits0References1
osv
osv
added 2026/05/19 11:32 a.m.12 views

MAL-2026-4168 Malicious code in chai-as-vec (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc2944243ad1e093008da195dce566e63cce55ebe7fe0f5eb98ad71ffaddb81d The package chai-as-vec was found to contain malicious code. Source: ghsa-malware 881a1aaf4a8b84da34d86f9eae83889cf848ee573bc5b1b0323a75edf9789e86 An...

5.8AI score
Exploits0References1
amazon
amazon
added 2026/05/14 12:0 a.m.17 views

Important: rust

Issue Overview: Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero. CVE-2026-6654 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...

5.1CVSS5.8AI score0.00168EPSS
Exploits1
nessus
nessus
added 2026/05/14 12:0 a.m.8 views

Amazon Linux 2 : rust, --advisory ALAS2-2026-3296 (ALAS-2026-3296)

The version of rust installed on the remote host is prior to 1.95.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3296 advisory. Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace...

7.3CVSS5.8AI score0.00168EPSS
Exploits1References4
github
github
added 2026/05/07 8:55 p.m.16 views

Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers

CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers Summary Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or...

5.3CVSS5.8AI score0.00362EPSS
Exploits1References4Affected Software3
euvd
euvd
added 2026/04/22 3:31 p.m.7 views

EUVD-2026-24764

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfslimititer for ITERKVEC iterators When a process crashes and the kernel writes a core dump to a 9P filesystem, kernelwrite creates an ITERKVEC iterator. This iterator reaches netfslimititer via...

5.6AI score0.00122EPSS
Exploits0References5
osv
osv
added 2026/04/22 1:53 p.m.2 views

CVE-2026-31438 netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators

In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfslimititer for ITERKVEC iterators When a process crashes and the kernel writes a core dump to a 9P filesystem, kernelwrite creates an ITERKVEC iterator. This iterator reaches netfslimititer via...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References7
nvd
nvd
added 2026/04/20 11:16 a.m.6 views

CVE-2026-6654

Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero...

7.3CVSS0.00168EPSS
Exploits1References4
ubuntucve
ubuntucve
added 2026/04/20 11:16 a.m.7 views

CVE-2026-6654

Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero...

5.1CVSS5.8AI score0.00168EPSS
Exploits1References2
euvd
euvd
added 2026/04/20 10:5 a.m.6 views

EUVD-2026-23832

Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length to zero...

5.1CVSS5.8AI score0.00168EPSS
Exploits1References1
cve
cve
added 2026/04/20 10:5 a.m.21 views

CVE-2026-6654

CVE-2026-6654 : A Double-Free / Use-After-Free in the thin_vec crate (IntoIter::drop and ThinVec::clear) can occur when a panic in ptr::drop_in_place prevents zero-length update. Connected docs specify the affected component as the thin_vec crate (Rust ecosystem) with the IBM Open SDK for Rust on...

7.3CVSS5.8AI score0.00168EPSS
Exploits1References4Affected Software1
cnnvd
cnnvd
added 2026/04/20 12:0 a.m.9 views

thin-vec 安全漏洞

Thin-vec is a memory-efficient vector container open-sourced by Mozilla. Thin-vec has a security vulnerability, which stems from the double deallocation or reallocation of resources after deallocation in functions IntoIter::drop and ThinVec::clear. This issue may lead to a panic condition when...

5.1CVSS5.8AI score0.00168EPSS
Exploits1References1
nessus
nessus
added 2026/04/20 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-6654

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear functions in the thinvec crate. A panic in ptr::dropinplace skips setting the length t...

7.3CVSS5.8AI score0.00168EPSS
Exploits1References3
osv
osv
added 2026/04/15 7:24 p.m.4 views

GHSA-XPHW-CQX3-667J thin-vec: Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics

Summary A Double Free / Use-After-Free UAF vulnerability has been identified in the IntoIter::drop and ThinVec::clear implementations of the thinvec crate. Both vulnerabilities share the same root cause and can trigger memory corruption using only safe Rust code — no unsafe blocks required...

7.3CVSS6AI score0.00168EPSS
Exploits1References4
osv
osv
added 2026/04/14 12:0 p.m.7 views

RUSTSEC-2026-0103 Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics

A Double Free / Use-After-Free UAF vulnerability has been identified in the IntoIter::drop and ThinVec::clear implementations of the thin-vec crate. Both vulnerabilities share the same root cause and can trigger memory corruption using only safe Rust code - no unsafe blocks required. Undefined...

7.3CVSS5.8AI score0.00168EPSS
Exploits1References3
Rows per page
Query Builder