Описание
In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| rust-crossbeam-channel | fixed | 0.5.15-1 | package | |
| rust-crossbeam-channel | not-affected | bookworm | package | |
| rust-crossbeam-channel | not-affected | bullseye | package |
Примечания
https://rustsec.org/advisories/RUSTSEC-2025-0024.html
https://github.com/crossbeam-rs/crossbeam/pull/1187
Fixed by: https://github.com/crossbeam-rs/crossbeam/commit/6ec74ecae896df5fc239518b45a1bfd258c9db68 (crossbeam-channel-0.5.15)
EPSS
Связанные уязвимости
In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
Crossbeam-channel: crossbeam-channel vulnerable to double free on drop
EPSS