DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-Q95X-7G78-RCCV: GHSA-Q95X-7G78-RCCV: Safe Rust Memory Corruption via Use-After-Free in oneringbuf Crate

GHSA-Q95X-7G78-RCCV: Safe Rust Memory Corruption via Use-After-Free in oneringbuf Crate

Vulnerability ID: GHSA-Q95X-7G78-RCCV
CVSS Score: 6.3
Published: 2026-07-08

A critical Use-After-Free (UAF) memory corruption vulnerability exists in the oneringbuf Rust crate prior to version 0.8.0. The vulnerability allows safe Rust code to instantiate and clone reference wrappers that point to heap-allocated ring buffers. Dropping one wrapper prematurely reclaims the backing memory, leading to dangling pointer references and subsequent Use-After-Free or Double Free states.

TL;DR

A public API design flaw in the oneringbuf crate allows safe Rust code to trigger a heap Use-After-Free and Double Free via premature deallocation of shared heap-backed ring buffers.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-416 (Use After Free)
  • Attack Vector: Network
  • Attack Complexity: Low
  • Attack Requirements: Present (Application using specific public API)
  • CVSS v4.0: 6.3 (Medium)
  • Exploit Status: Proof-of-Concept Available
  • CISA KEV Status: Not Listed

Affected Systems

  • oneringbuf (Rust crate)
  • oneringbuf: < 0.8.0 (Fixed in: 0.8.0)

Code Analysis

Commit: 643a24b

Removed into_ref buffers' method. It is useless and its misuse could trigger a heap-use-after-free

Mitigation Strategies

  • Upgrade oneringbuf dependency to 0.8.0 or newer
  • Audit dependencies using cargo-audit to ensure vulnerable versions are not transitively imported

Remediation Steps:

  1. Open Cargo.toml in the affected Rust project.
  2. Locate the dependency line for oneringbuf.
  3. Modify the version requirement to '^0.8.0'.
  4. Run 'cargo update' to apply the changes.
  5. Verify with 'cargo audit' to ensure the threat is cleared.

References


Read the full report for GHSA-Q95X-7G78-RCCV on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)