https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-06-18T12:32:12.705144+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/995de611-d1ad-4cc5-904f-3546cd9104a6/export995de611-d1ad-4cc5-904f-3546cd9104a62026-06-18T12:32:13.050636+00:00Automation userhttps://vulnerability.circl.lu/user/automation{"uuid": "995de611-d1ad-4cc5-904f-3546cd9104a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-VFVV-C25P-M7MM", "type": "seen", "source": "https://gist.github.com/alon710/eb93d50b17daa578bcc910ffc0480f36", "content": "# GHSA-VFVV-C25P-M7MM: GHSA-VFVV-C25P-M7MM: Memory Corruption via Panic Safety Flaw in rkyv Collections\n\n> **CVSS Score:** High (Unscored)\n> **Published:** 2026-05-15\n> **Full Report:** https://cvereports.com/reports/GHSA-VFVV-C25P-M7MM\n\n## Summary\nThe rkyv zero-copy deserialization framework for Rust suffers from a panic safety vulnerability in its manual memory management logic. The flaw allows memory corruption, specifically Double Free and Use-After-Free, when element destructors panic during vector clearance.\n\n## TL;DR\nA panic safety bug in rkyv's `InlineVec::clear` and `SerVec::clear` methods leads to Use-After-Free and Double Free conditions if element destructors panic. Upgrading to 0.8.16 resolves the issue by updating container state before initiating destructors.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-415 / CWE-416\n- **Attack Vector**: Local / Application-Level\n- **Impact**: Memory Corruption / Denial of Service\n- **Exploit Status**: Proof of Concept\n- **KEV Status**: Not Listed\n- **CVSS**: High (Unscored)\n\n## Affected Systems\n\n- Rust applications dependent on rkyv versions >= 0.8.0 and < 0.8.16 utilizing InlineVec or SerVec\n- **rkyv**: >= 0.8.0, < 0.8.16 (Fixed in: `0.8.16`)\n\n## Mitigation\n\n- Upgrade the rkyv dependency to version 0.8.16.\n- Avoid utilizing panicking Drop implementations in data structures serialized or deserialized by rkyv.\n- Avoid catching panics via std::panic::catch_unwind when interacting with unsafe memory containers.\n\n**Remediation Steps:**\n1. Identify the current version of rkyv in your Cargo.toml or Cargo.lock file.\n2. Update the version constraint to require \">=0.8.16\".\n3. Run `cargo update -p rkyv` to apply the patched version.\n4. Recompile and run unit tests with Miri to ensure memory safety bounds are respected.\n\n## References\n\n- [GitHub Security Advisory: GHSA-VFVV-C25P-M7MM](https://github.com/advisories/GHSA-VFVV-C25P-M7MM)\n- [RustSec Advisory Database: RUSTSEC-2026-0122](https://rustsec.org/advisories/RUSTSEC-2026-0122.html)\n- [OSV Data for RUSTSEC-2026-0122](https://api.osv.dev/v1/vulns/RUSTSEC-2026-0122)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-VFVV-C25P-M7MM) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-15T21:10:29.000000Z"}2026-05-15T21:10:29+00:00