CVE-2022-23639

Опубликовано: 15 фев. 2022

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Низкий

Описание

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of {i,u}64 was always the same as Atomic{I,U}64. However, the alignment of {i,u}64 on a 32-bit target can be smaller than Atomic{I,U}64. This can cause unaligned memory accesses and data race. Crates using fetch_* methods with AtomicCell<{i,u}64> are affected by this issue. 32-bit targets without Atomic{I,U}64 and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds.

Ссылки

https://github.com/crossbeam-rs/crossbeam/pull/781
Issue Tracking
Patch
Third Party Advisory
https://github.com/crossbeam-rs/crossbeam/releases/tag/crossbeam-utils-0.8.7
Patch
Third Party Advisory
https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926
Exploit
Third Party Advisory
https://github.com/crossbeam-rs/crossbeam/pull/781
Issue Tracking
Patch
Third Party Advisory
https://github.com/crossbeam-rs/crossbeam/releases/tag/crossbeam-utils-0.8.7
Patch
Third Party Advisory
https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:crossbeam_project:crossbeam:*:*:*:*:*:rust:*:*

Версия до 0.8.7 (исключая)

EPSS

Процентиль: 58%

0.00361

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-362

NVD-CWE-noinfo

Связанные уязвимости

CVE-2022-23639

CVSS3: 8.1

ubuntu

почти 4 года назад

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell<{i,u}64>` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds.

CVE-2022-23639

CVSS3: 8.1

msrc

больше 1 года назад

Описание отсутствует

CVE-2022-23639

CVSS3: 8.1

debian

почти 4 года назад

crossbeam-utils provides atomics, synchronization primitives, scoped t ...

GHSA-qc84-gqf4-9926

CVSS3: 8.1

github

почти 4 года назад

crossbeam-utils Unsoundness of AtomicCell<{i,u}64> arithmetics on 32-bit targets that support Atomic{I,U}64

BDU:2022-05894

CVSS3: 8.1

fstec

около 4 лет назад

Уязвимость инструментов для параллельного программирования Crossbeam Utils на 32-битных системах, связанная с одновременным выполнением с использованием общего ресурса с неправильной синхронизацией, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 58%

0.00361

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-362

NVD-CWE-noinfo