Hive software may crash or behave unexpectedly
GHSA-j8cj-hw74-64jv
Summary
A bug in the Hive software can cause it to crash or behave unexpectedly, potentially leading to data loss or security issues. This is due to a programming error that can be triggered by certain actions, such as closing the software or using it in a way that creates invalid pointers. To avoid these issues, it's recommended to update to the latest version of Hive or use it in a way that avoids the problematic code paths.
What to do
- Update hivex to version 0.2.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | hivex | 0.2.0 | 0.2.1 |
Original title
Hive has Double-free and Use After Free Vulnerabilities
Original description
The `Drop` implementation for `Hive` freed the underlying handle, but so did `Hive::close`. Because `Drop` still ran at the end of the scope after `Hive::close`, the handle was freed twice (double-free).
Additionally, the function `Hive::from_handle` was not marked as `unsafe`. In combination with `as_handle`, this made it easy to clone a `Hive` and trigger a double-free in safe code, or to trigger undefined behaviour (UB) by using an invalid pointer.
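The two patterns described above, next to one hardened shape, as an added example that is not the hivex crate's code. `BuggyHive`, `FixedHive`, `mock_close` and `close_count` are hypothetical names, the handle is a plain integer, and the use of `ManuallyDrop` is an assumption about one way to fix this, not a statement of how 0.2.1 does it.

```rust
use std::cell::RefCell;
use std::collections::HashMap;
use std::mem::ManuallyDrop;

// Stand-in for the C close call (constructed): counts releases per handle, no real UB.
thread_local! {
    static CLOSES: RefCell<HashMap<usize, u32>> = RefCell::new(HashMap::new());
}
fn mock_close(handle: usize) {
    CLOSES.with(|c| *c.borrow_mut().entry(handle).or_insert(0) += 1);
}
pub fn close_count(handle: usize) -> u32 {
    CLOSES.with(|c| c.borrow().get(&handle).copied().unwrap_or(0))
}

// Pattern from the advisory: close() releases, then Drop releases again.
pub struct BuggyHive(usize);
impl BuggyHive {
    pub fn from_handle(h: usize) -> Self { BuggyHive(h) } // safe fn: callers can alias a handle
    pub fn as_handle(&self) -> usize { self.0 }
    pub fn close(self) { mock_close(self.0) } // `self` is dropped on return: second release
}
impl Drop for BuggyHive {
    fn drop(&mut self) { mock_close(self.0) }
}

// Hardened shape: constructor is `unsafe`, close() suppresses the later Drop.
pub struct FixedHive(usize);
impl FixedHive {
    /// # Safety
    /// `h` must be a valid handle that no other owner will release.
    pub unsafe fn from_handle(h: usize) -> Self { FixedHive(h) }
    pub fn close(self) {
        let this = ManuallyDrop::new(self); // Drop will not run for `this`
        mock_close(this.0);
    }
}
impl Drop for FixedHive {
    fn drop(&mut self) { mock_close(self.0) }
}

fn main() {
    BuggyHive::from_handle(1).close();
    let a = BuggyHive::from_handle(2);
    let b = BuggyHive::from_handle(a.as_handle()); // alias built entirely in safe code
    drop((a, b));
    let f = unsafe { FixedHive::from_handle(3) };
    f.close();
    println!("{} {} {}", close_count(1), close_count(2), close_count(3));
}
```

A release count above 1 for a handle corresponds to the double-free (CWE-415) in the real binding; with the hardened type, aliasing a handle requires an `unsafe` block that a reviewer can audit.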
Vulnerability type
CWE-415
CWE-416
Use After Free
Published: 28 Feb 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026