Wiz
Vulnerability DatabaseRUSTSEC-2022-0078

RUSTSEC-2022-0078
Rust vulnerability analysis and mitigation

Overview

RUSTSEC-2022-0078 is a security vulnerability discovered in the Bumpalo library, a fast bump allocation arena for Rust. The vulnerability was identified in version 3.11.0 and earlier versions, where the bumpalo::collections::IntoIter implementation did not properly handle lifetime checks, potentially leading to use-after-free bugs (Bumpalo Changelog).

Technical details

The vulnerability stems from a design flaw where the std::vec::IntoIter was ported to bumpalo::collections::vec::IntoIter without properly threading the underlying Bump's lifetime through the implementation. This meant that the Rust compiler was not performing the necessary borrow checks for bumpalo::collections::IntoIter (Bumpalo Changelog).

Impact

The vulnerability could result in use-after-free bugs, which occur when a program continues to use memory after it has been freed. This type of vulnerability can lead to program crashes, unpredictable behavior, or potential security exploits where attackers could manipulate freed memory (Bumpalo Changelog).

Mitigation and workarounds

The vulnerability was fixed in version 3.11.1, released on October 18, 2022. Users should upgrade to this version or later to resolve the security issue. The fix properly implements lifetime threading through the IntoIter implementation, ensuring that the Rust compiler can correctly enforce borrow checking (Bumpalo Changelog).

Additional resources

SourceThis report was generated using AI

Related Rust vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2026-22257HIGH8.8
  • RustRust
  • salvo
NoYesJan 08, 2026
CVE-2026-22698HIGH8.7
  • RustRust
  • sm2
NoNoJan 10, 2026
CVE-2026-22699HIGH7.5
  • RustRust
  • sm2
NoNoJan 10, 2026
GHSA-g59m-gf8j-gjf5LOW3.7
  • RustRust
  • aws-sdk-neptunedata
NoYesJan 08, 2026
GHSA-585q-cm62-757jLOW2
  • RustRust
  • mnl
NoNoJan 09, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo