aikido.dev Secure My Code

Intel/AIKIDO-2026-10655

AIKIDO-2026-10655

glib is vulnerable to Use-after-free

Use-after-free Pre-CVE Published Apr 30, 2026

68

Medium Risk

This Affects:

rust

0.0.1 - 0.22.6

Fixed in 0.22.7

Are you affected? Scan for Free

TL;DR

In glib collection retain() for list/slist, deleting the current (possibly head) node could invalidate pointers/links that were later used during element dropping, leading to a use-after-free. The patch changes the deletion flow to update the head pointer from g_list_delete_link/g_slist_delete_link and only then drop the preserved element value, preventing use of stale list pointers.

Who does this affect?

You are using the glib List/SList retain() logic in versions prior to 0.22.7

Background info

glib is vulnerable to Use-after-free in versions 0.0.1 - 0.22.6.

How to fix this

Upgrade to version 0.22.7 or later

68

Medium Risk

This Affects:

rust

0.0.1 - 0.22.6

Fixed in 0.22.7

Are you affected? Scan for Free

Links

github.com/gtk-rs/gtk-rs-core/compare/0.22.6...0.22.7

Are You Affected?

Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.

Free. No credit card required.

Aikido Platform

Company

Resources

Industries

Use Cases

Compare

Legal

Connect

hello@aikido.dev

Security

Subscribe

Stay up to date with all updates

LinkedIn YouTube X

© 2026 Aikido Security BV | BE0792914919

Keizer Karelstraat 15, 9000, Ghent, Belgium

95 Third St, 2nd Fl, San Francisco, CA 94103, US

Unit 6.15 Runway East 18 18 Crucifix Ln, London SE1 3JW UK

Ghent, Belgium | San Francisco, US

SOC 2

ISO 27001

ISO 27001Compliant

Get Security Done