CyberRota
← Ana sayfaya dön

CVE-2026-55406

UNKNOWN · CVSS N/A Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-16T17:16:57.623 · Çekilme zamanı: 2026-07-17T00:26:13.374499+00:00

CyberRota Yorumu

Bellek tüketimine neden olabilir.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-55406
Severity
UNKNOWN
CVSS
N/A
EPSS
Yok

Orijinal NVD Açıklaması

Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.7.0, a soundness bug in the OwnedView<V> type allowed safe Rust code to trigger a use-after-free: the OwnedView::decode constructor transmuted a borrowed slice to &'static [u8], and the Deref implementation exposed the promoted 'static lifetime on borrowed view fields (such as &'static str and &'static [u8]) to callers, so the borrow checker permitted those references to outlive the OwnedView; once the OwnedView was dropped and its backing buffer freed, the references became dangling, enabling memory corruption, information disclosure of freed heap contents, and cross-thread misuse without any unsafe code in the calling application. This issue is fixed in version 0.7.0.