GHSA-j8cj-hw74-64jv: Hive has Double-free and Use After Free Vulnerabilities

February 28, 2026

Drop implementation for Hive did perform free, but so did Hive::close, which, at the end of the scope performed Drop, therefore triggering double-free.

Additionally, function Hive::from_handle was not marked as unsafe, making it, in combination with as_handle easy to clone and trigger double-free in safe code or triggering UB when using invalid pointer.

References

codeberg.org/1millibyte/toolsnt/commit/f4c7a0d1fc4a08ce40bb76e447a69a6f383a916e
codeberg.org/1millibyte/toolsnt/issues/18
docs.rs/crate/hivex
docs.rs/crate/hivex/0.2.1/source
github.com/advisories/GHSA-j8cj-hw74-64jv
rustsec.org/advisories/RUSTSEC-2026-0029.html

Code Behaviors & Features

Detect and mitigate GHSA-j8cj-hw74-64jv with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →