GHSA-v5m7-53cv-f3hx
Suggest an improvement- Source
- https://github.com/advisories/GHSA-v5m7-53cv-f3hx
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-v5m7-53cv-f3hx/GHSA-v5m7-53cv-f3hx.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-v5m7-53cv-f3hx
- Aliases
- Published
- 2021-08-25T21:01:13Z
- Modified
- 2023-11-08T04:02:35.713139Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- crossbeam-channel Undefined Behavior before v0.4.4
- Details
-
Impact
The affected version of this crate's the
boundedchannel incorrectly assumes thatVec::from_iterhas allocated capacity that same as the number of iterator elements.Vec::from_iterdoes not actually guarantee that and may allocate extra memory. The destructor of theboundedchannel reconstructsVecfrom the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity whenVec::from_iterhas allocated different sizes with the number of iterator elements.Patches
This has been fixed in crossbeam-channel 0.4.4.
We recommend users to upgrade to 0.4.4.
References
See https://github.com/crossbeam-rs/crossbeam/pull/533, https://github.com/crossbeam-rs/crossbeam/issues/539, and https://github.com/RustSec/advisory-db/pull/425 for more details.
License
This advisory is in the public domain.
- References
-
- https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-v5m7-53cv-f3hx
- https://nvd.nist.gov/vuln/detail/CVE-2020-15254
- https://github.com/crossbeam-rs/crossbeam/issues/539
- https://github.com/RustSec/advisory-db/pull/425
- https://github.com/crossbeam-rs/crossbeam/pull/533
- https://github.com/crossbeam-rs/crossbeam
- https://rustsec.org/advisories/RUSTSEC-2020-0052.html
Affected packages
crates.io / crossbeam-channel
Package
- Name
- crossbeam-channel
- View open source insights on deps.dev
- Purl
- pkg:cargo/crossbeam-channel