CVE-2020-15254 – crossbeam-channel

Package

Manager: cargo
Name: crossbeam-channel
Vulnerable Version: =0.4.3 || >=0.4.3 <0.4.4

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.0051 pctl0.65401

Details

crossbeam-channel Undefined Behavior before v0.4.4 ### Impact The affected version of this crate's the `bounded` channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements. ### Patches This has been fixed in crossbeam-channel 0.4.4. We recommend users to upgrade to 0.4.4. ### References See https://github.com/crossbeam-rs/crossbeam/pull/533, https://github.com/crossbeam-rs/crossbeam/issues/539, and https://github.com/RustSec/advisory-db/pull/425 for more details. ### License This advisory is in the public domain.

Metadata

Created: 2021-08-25T21:01:13Z
Modified: 2022-08-10T23:46:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-v5m7-53cv-f3hx/GHSA-v5m7-53cv-f3hx.json
CWE IDs: ["CWE-119", "CWE-401"]
Alternative ID: GHSA-v5m7-53cv-f3hx
Finding: F067
Auto approve: 1