GHSA-rwf4-gx62-rqfw – crossbeam

Package

Manager: cargo
Name: crossbeam
Vulnerable Version: >=0 <0.3.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:R

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

`MsQueue` `push`/`pop` use the wrong orderings Affected versions of this crate use orderings which are too weak to support this data structure. It is likely this has caused memory corruption in the wild: <https://github.com/crossbeam-rs/crossbeam/issues/97#issuecomment-412785919>.

Metadata

Created: 2022-06-08T22:28:27Z
Modified: 2022-06-08T22:28:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-rwf4-gx62-rqfw/GHSA-rwf4-gx62-rqfw.json
CWE IDs: []
Alternative ID: N/A
Finding: F124
Auto approve: 1