CVE-2020-35904 – crossbeam-channel

Package

Manager: cargo
Name: crossbeam-channel
Vulnerable Version: >=0.4.3 <0.4.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00057 pctl0.17642

Details

Incorrect buffer size in crossbeam-channel The affected version of this crate's the bounded channel incorrectly assumes that Vec::from_iter has allocated capacity that same as the number of iterator elements. Vec::from_iter does not actually guarantee that and may allocate extra memory. The destructor of the bounded channel reconstructs Vec from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when Vec::from_iter has allocated different sizes with the number of iterator elements.

Metadata

Created: 2021-08-25T20:49:43Z
Modified: 2023-06-13T17:11:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-m8h8-v6jh-c762/GHSA-m8h8-v6jh-c762.json
CWE IDs: ["CWE-131"]
Alternative ID: GHSA-m8h8-v6jh-c762
Finding: F316
Auto approve: 1