GHSA-w443-5h3j-jqcp

Опубликовано: 14 мая 2025

Источник: github

Github: Прошло ревью

CVSS3: 6.5

Описание

Duplicate Advisory: crossbeam-channel Vulnerable to Double Free on Drop

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-pg9f-39pc-qf8g. This link is maintained to preserve external references.

Original Description

In crossbeam-channel rust crate, the internal Channel type's Drop method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2025-4574
https://github.com/crossbeam-rs/crossbeam/pull/1187
https://access.redhat.com/security/cve/CVE-2025-4574
https://bugzilla.redhat.com/show_bug.cgi?id=2358890

Пакеты

Наименование

crossbeam-channel

rust

Затронутые версииВерсия исправления

>= 0.5.11, < 0.5.15

0.5.15

6.5 Medium

CVSS3

Дефекты

CWE-415

6.5 Medium

CVSS3

Дефекты

CWE-415