4 matches found
CVE-2022-23639
The CVE-2022-23639 issue affects crossbeam-utils prior to 0.8.7, where alignment of {i,u}64 was assumed to match Atomic{I,U}64. On some 32-bit targets, {i,u}64 alignment can be smaller than Atomic{I,U}64, leading to unaligned memory accesses and data races when using fetch_* with AtomicCell. 32-b...
CVE-2021-32810
CVE-2021-32810 concerns crossbeam-deque, a Rust crate used for work-stealing deques in task schedulers. A race condition in versions prior to 0.7.4 and 0.8.0 can cause one or more tasks in a worker queue to be popped twice, with potentially forgotten tasks, leading to a double-free and memory lea...
CVE-2020-15254
CVE-2020-15254 concerns Crossbeam-channel’s bounded channel in versions before 0.4.4. The root cause is an unsound assumption: Vec::from_iter may not allocate capacity equal to the number of iterator elements, causing the bounded channel’s destructor to reconstruct a Vec with an incorrect capacit...
CVE-2018-20996
The CVE-2018-20996 issue affects the Rust crossbeam crate prior to 0.4.1, where a destructor mishandling leads to a double free. Affected component: crossbeam crate (Rust) before 0.4.1. Root cause: explicit double free due to destructor handling in the drop path. Impact stated in sources: high/cr...