{"id":"CVE-2026-6654","summary":"Use-After-Free and Double-Free in IntoIter::drop when element drop panics","details":"Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.","aliases":["GHSA-xphw-cqx3-667j","RUSTSEC-2026-0103"],"modified":"2026-07-08T08:10:01.088978375Z","published":"2026-04-20T10:05:52.339Z","related":["CGA-955g-5fgm-8m9j"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6654.json","cna_assigner":"mozilla"},"references":[{"type":"WEB","url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6654.json"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2026-6654"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/6xxx/CVE-2026-6654.json"},{"type":"ADVISORY","url":"https://github.com/mozilla/thin-vec/security/advisories/GHSA-xphw-cqx3-667j"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6654"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459689"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mozilla/thin-vec","events":[{"introduced":"70bcca0960a7e11056fa3281445d08052421dab5"},{"last_affected":"70bcca0960a7e11056fa3281445d08052421dab5"}],"database_specific":{"source":"CPE_STRING","extracted_events":[{"introduced":"0.2.15"},{"last_affected":"0.2.15"}],"cpe":"cpe:2.3:a:mozilla:thin-vec:0.2.15:*:*:*:*:rust:*:*"}}],"versions":["0.2.15","v0.2.15"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-6654.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}