CVE Catalog
CVE-2026-6654
MediumCVSS 5.1Exploitation Probability (EPSS)
Low risk0.17%
6th percentile - higher than 6% of all known CVEs
Summary
A double-free and use-after-free vulnerability was found in the `IntoIter::drop` and `ThinVec::clear` functions of the thin_vec crate. A panic in `ptr::drop_in_place` skips resetting the length to zero.
Risk Assessment
An attacker could exploit this vulnerability to execute arbitrary code or cause a system crash, compromising data integrity and availability.
Recommendation
Immediately update the thin_vec crate to the latest patched version to eliminate the double-free and use-after-free issues.
Original NVD description (English source)
Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero.

