Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:cargo/crossbeam-channel@0.4.4
Typecargo
Namespace
Namecrossbeam-channel
Version0.4.4
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version0.5.15
Latest_non_vulnerable_version0.5.15
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-unmm-942j-gkh7
vulnerability_id VCID-unmm-942j-gkh7
summary 
crossbeam-channel Undefined Behavior before v0.4.4
### Impact

The affected version of this crate's the `bounded` channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements.

### Patches

This has been fixed in crossbeam-channel 0.4.4.

We recommend users to upgrade to 0.4.4.

### References

See https://github.com/crossbeam-rs/crossbeam/pull/533, https://github.com/crossbeam-rs/crossbeam/issues/539, and https://github.com/RustSec/advisory-db/pull/425 for more details.

### License

This advisory is in the public domain.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15254.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15254.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15254
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.66395
published_at 2026-04-21T12:55:00Z
1
value 0.0051
scoring_system epss
scoring_elements 0.66285
published_at 2026-04-01T12:55:00Z
2
value 0.0051
scoring_system epss
scoring_elements 0.66324
published_at 2026-04-02T12:55:00Z
3
value 0.0051
scoring_system epss
scoring_elements 0.66351
published_at 2026-04-04T12:55:00Z
4
value 0.0051
scoring_system epss
scoring_elements 0.66321
published_at 2026-04-07T12:55:00Z
5
value 0.0051
scoring_system epss
scoring_elements 0.66369
published_at 2026-04-08T12:55:00Z
6
value 0.0051
scoring_system epss
scoring_elements 0.66383
published_at 2026-04-09T12:55:00Z
7
value 0.0051
scoring_system epss
scoring_elements 0.66403
published_at 2026-04-11T12:55:00Z
8
value 0.0051
scoring_system epss
scoring_elements 0.6639
published_at 2026-04-12T12:55:00Z
9
value 0.0051
scoring_system epss
scoring_elements 0.66359
published_at 2026-04-13T12:55:00Z
10
value 0.0051
scoring_system epss
scoring_elements 0.66394
published_at 2026-04-16T12:55:00Z
11
value 0.0051
scoring_system epss
scoring_elements 0.6641
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15254
2
reference_url https://github.com/crossbeam-rs/crossbeam
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/crossbeam-rs/crossbeam
3
reference_url https://github.com/crossbeam-rs/crossbeam/issues/539
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/crossbeam-rs/crossbeam/issues/539
4
reference_url https://github.com/crossbeam-rs/crossbeam/pull/533
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/crossbeam-rs/crossbeam/pull/533
5
reference_url https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-v5m7-53cv-f3hx
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-v5m7-53cv-f3hx
6
reference_url https://github.com/RustSec/advisory-db/pull/425
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/RustSec/advisory-db/pull/425
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15254
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15254
8
reference_url https://rustsec.org/advisories/RUSTSEC-2020-0052.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2020-0052.html
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1963791
reference_id 1963791
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1963791
10
reference_url https://security.archlinux.org/ASA-202011-1
reference_id ASA-202011-1
reference_type
scores
url https://security.archlinux.org/ASA-202011-1
11
reference_url https://security.archlinux.org/AVG-1256
reference_id AVG-1256
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1256
12
reference_url https://github.com/advisories/GHSA-v5m7-53cv-f3hx
reference_id GHSA-v5m7-53cv-f3hx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v5m7-53cv-f3hx
13
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2020-45
reference_id mfsa2020-45
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2020-45
14
reference_url https://usn.ubuntu.com/4599-1/
reference_id USN-4599-1
reference_type
scores
url https://usn.ubuntu.com/4599-1/
15
reference_url https://usn.ubuntu.com/4599-2/
reference_id USN-4599-2
reference_type
scores
url https://usn.ubuntu.com/4599-2/
fixed_packages
0
url pkg:cargo/crossbeam-channel@0.4.4
purl pkg:cargo/crossbeam-channel@0.4.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/crossbeam-channel@0.4.4
aliases CVE-2020-15254, GHSA-v5m7-53cv-f3hx
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-unmm-942j-gkh7
1
url VCID-w377-ghca-5fff
vulnerability_id VCID-w377-ghca-5fff
summary 
Incorrect buffer size in crossbeam-channel
The affected version of this crate's the bounded channel incorrectly assumes that Vec::from_iter has allocated capacity that same as the number of iterator elements. Vec::from_iter does not actually guarantee that and may allocate extra memory. The destructor of the bounded channel reconstructs Vec from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when Vec::from_iter has allocated different sizes with the number of iterator elements.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35904
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.17698
published_at 2026-04-21T12:55:00Z
1
value 0.00057
scoring_system epss
scoring_elements 0.17929
published_at 2026-04-04T12:55:00Z
2
value 0.00057
scoring_system epss
scoring_elements 0.1763
published_at 2026-04-07T12:55:00Z
3
value 0.00057
scoring_system epss
scoring_elements 0.17718
published_at 2026-04-08T12:55:00Z
4
value 0.00057
scoring_system epss
scoring_elements 0.17779
published_at 2026-04-09T12:55:00Z
5
value 0.00057
scoring_system epss
scoring_elements 0.17797
published_at 2026-04-11T12:55:00Z
6
value 0.00057
scoring_system epss
scoring_elements 0.17751
published_at 2026-04-12T12:55:00Z
7
value 0.00057
scoring_system epss
scoring_elements 0.17704
published_at 2026-04-13T12:55:00Z
8
value 0.00057
scoring_system epss
scoring_elements 0.17651
published_at 2026-04-16T12:55:00Z
9
value 0.00057
scoring_system epss
scoring_elements 0.17659
published_at 2026-04-18T12:55:00Z
10
value 0.00057
scoring_system epss
scoring_elements 0.17717
published_at 2026-04-01T12:55:00Z
11
value 0.00057
scoring_system epss
scoring_elements 0.17876
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35904
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35904
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35904
2
reference_url https://github.com/crossbeam-rs/crossbeam
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/crossbeam-rs/crossbeam
3
reference_url https://github.com/crossbeam-rs/crossbeam/pull/533
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/crossbeam-rs/crossbeam/pull/533
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35904
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35904
5
reference_url https://rustsec.org/advisories/RUSTSEC-2020-0052.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2020-0052.html
6
reference_url https://github.com/advisories/GHSA-m8h8-v6jh-c762
reference_id GHSA-m8h8-v6jh-c762
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m8h8-v6jh-c762
fixed_packages
0
url pkg:cargo/crossbeam-channel@0.4.4
purl pkg:cargo/crossbeam-channel@0.4.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:cargo/crossbeam-channel@0.4.4
aliases CVE-2020-35904, GHSA-m8h8-v6jh-c762
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w377-ghca-5fff
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:cargo/crossbeam-channel@0.4.4