Lookup for vulnerable packages by Package URL.
| Purl | pkg:cargo/crossbeam-channel@0.5.11 |
|---|
| Type | cargo |
|---|
| Namespace | |
|---|
| Name | crossbeam-channel |
|---|
| Version | 0.5.11 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | 0.5.15 |
|---|
| Latest_non_vulnerable_version | 0.5.15 |
|---|
| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-7mwd-wjet-eqhd |
| vulnerability_id |
VCID-7mwd-wjet-eqhd |
| summary |
Duplicate Advisory: crossbeam-channel Vulnerable to Double Free on Drop
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-pg9f-39pc-qf8g. This link is maintained to preserve external references.
### Original Description
In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption. |
| references |
|
| fixed_packages |
|
| aliases |
GHSA-w443-5h3j-jqcp
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7mwd-wjet-eqhd |
|
|
|---|
| Fixing_vulnerabilities |
|
|---|
| Risk_score | 3.1 |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:cargo/crossbeam-channel@0.5.11 |
|---|