CVE-2026-6654

Published: Apr 20, 2026Modified: May 12, 2026

5.1

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.5 / Impact: 2.5

Source: NVD

Description

Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.

Affected (1)

Products: Mozilla: Thin Vec

Mozilla

1 product

Thin Vec

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Thin Vec	Version 0.2.15

Related CWEs

CWE-415

Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (1)

https://github.com/mozilla/thin-vec/security/advisories/GHSA-xphw-cqx3-667j

Source: security@mozilla.org

ExploitVendor Advisory

Timeline

No history available yet.