CVE Catalog

CVE-2026-6654

MediumCVSS 5.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile - higher than 6% of all known CVEs

Summary

A double-free and use-after-free vulnerability was found in the `IntoIter::drop` and `ThinVec::clear` functions of the thin_vec crate. A panic in `ptr::drop_in_place` skips resetting the length to zero.

Risk Assessment

An attacker could exploit this vulnerability to execute arbitrary code or cause a system crash, compromising data integrity and availability.

Recommendation

Immediately update the thin_vec crate to the latest patched version to eliminate the double-free and use-after-free issues.

Original NVD description (English source)

Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS