Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

thin-vec

Source -

CNANVD

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

1
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found

CVE-2026-6654
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.17% / 6.48%
||
7 Day CHG+0.03%
Published-20 Apr, 2026 | 10:05
Updated-30 Jun, 2026 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use-After-Free and Double-Free in IntoIter::drop when element drop panics

Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-thin-vecthin-vecRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux AI (RHEL AI) 3
CWE ID-CWE-1341
Multiple Releases of Same Resource or Handle
CWE ID-CWE-415
Double Free
CWE ID-CWE-416
Use After Free