GHSA-VFVV-C25P-M7MM: Memory Corruption via Panic Safety Flaw in rkyv Collections

DEV Community·CVE Reports·17 days ago
#security#cve#cybersecurity#ghsa#rkyv#panic

Vulnerability ID: GHSA-VFVV-C25P-M7MM
CVSS Score: High (Unscored)
Published: 2026-05-15

The rkyv zero-copy deserialization framework for Rust suffers from a panic safety vulnerability in its manual memory management logic. The flaw allows memory corruption, specifically Double Free and Use-After-Free, when element destructors panic during vector clearance.

TL;DR

A panic safety bug in rkyv's InlineVec::clear and SerVec::clear methods leads to Use-After-Free and Double Free conditions if element destructors panic. Upgrading to 0.8.16 resolves the issue by updating container state before initiating destructors.…
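The ordering problem described above, as an added example that is not taken from the advisory and is not rkyv's code: a constructed container (`MiniVec`, `Noisy` and `drop_counts` are hypothetical names) whose `clear` resets its length either after or before running destructors. It counts destructor runs per element when the first destructor panics; a count of 2 is the double drop that becomes a Double Free for heap-owning elements.

```rust
use std::cell::Cell;
use std::mem::MaybeUninit;
use std::panic::{catch_unwind, AssertUnwindSafe};

// Constructed element: records each destructor run; element 0 panics on its first drop.
struct Noisy<'a> { id: usize, drops: &'a [Cell<usize>; 3] }

impl Drop for Noisy<'_> {
    fn drop(&mut self) {
        let seen = self.drops[self.id].get();
        self.drops[self.id].set(seen + 1);
        if self.id == 0 && seen == 0 { panic!("constructed destructor panic"); }
    }
}

// Hypothetical container with manually managed slots (not rkyv's InlineVec or SerVec).
struct MiniVec<T> { buf: [MaybeUninit<T>; 3], len: usize, fixed: bool }

impl<T> MiniVec<T> {
    fn clear(&mut self) {
        let n = self.len;
        if self.fixed { self.len = 0; } // hardened: state updated before any destructor runs
        for i in 0..n {
            // SAFETY: slots below `len` are assumed initialized. That assumption
            // breaks in the vulnerable ordering once a destructor has panicked.
            unsafe { self.buf[i].assume_init_drop() };
        }
        self.len = 0; // vulnerable ordering: skipped when a destructor unwinds
    }
}

impl<T> Drop for MiniVec<T> {
    fn drop(&mut self) { self.clear(); }
}

// Returns how many times each element's destructor ran.
fn drop_counts(fixed: bool) -> [usize; 3] {
    let drops = [Cell::new(0), Cell::new(0), Cell::new(0)];
    {
        let buf = [0, 1, 2].map(|id| MaybeUninit::new(Noisy { id, drops: &drops }));
        let mut v = MiniVec { buf, len: 3, fixed };
        assert!(catch_unwind(AssertUnwindSafe(|| v.clear())).is_err());
    } // `v` is dropped here and its Drop impl calls clear() a second time
    drops.map(|c| c.get())
}

fn main() {
    println!("len reset after destructors:  {:?}", drop_counts(false));
    println!("len reset before destructors: {:?}", drop_counts(true));
}
```

In this example the hardened ordering leaves the elements after the panicking one undropped, which leaks them but never runs a destructor twice on the same slot.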
