CVE-2026-6654
published 2026-04-20CVE-2026-6654: Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting…
medium5.1CVSS 3.1
AVLACLPRNUINSUCLILAN
Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | — | — |
| mozilla | thin-vec | — | — |
| mozilla | thunderbird | — | — |
| rust-lang | rust | — | — |
| rust-toolset_rhel8 | rust | — | — |