RUSTSEC-2026-0128

See a problem?
Please try reporting it to the source first.
Source
https://rustsec.org/advisories/RUSTSEC-2026-0128
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0128.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2026-0128
Published
2026-05-02T12:00:00Z
Modified
2026-05-13T12:30:06.615206Z
Summary
Double-free and use-after-free in `Keys::next()`
Details

Keys::next() uses ptr::read to move out the Option<V> by value, which drops the contained V when V is non-Copy (e.g. String). This leaves a dangling value in the map's storage slot. Subsequent get() operations on that key return a dangling reference to already-freed memory.

This can be triggered through safe public APIs — Map::keys(), Keys::next(), and Map::get() — with no unsafe required from the caller. Under Miri, accessing the freed slot produces "Undefined Behavior: pointer not dereferenceable: alloc has been freed, so this pointer is dangling".

Database specific 
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / emap

Package

Name
emap
View open source insights on deps.dev
Purl
pkg:cargo/emap

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0

Ecosystem specific 

{
    "affects": {
        "arch": [],
        "functions": [],
        "os": []
    },
    "affected_functions": null
}

Database specific

categories 
[
    "memory-corruption"
]
source 
"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0128.json"
cvss 
null
informational 
"unsound"