Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/rust-crossbeam-channel@0.4.4-1?distro=trixie
Typedeb
Namespacedebian
Namerust-crossbeam-channel
Version0.4.4-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version0.5.6-1
Latest_non_vulnerable_version0.5.15-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-7vj2-6tfw-3fd4
vulnerability_id VCID-7vj2-6tfw-3fd4
summary 
crossbeam-channel Vulnerable to Double Free on Drop
The internal `Channel` type's `Drop` method has a race
which could, in some circumstances, lead to a double-free.
This could result in memory corruption.

Quoting from the
[upstream description in merge request \#1187](https://github.com/crossbeam-rs/crossbeam/pull/1187#issue-2980761131):

> The problem lies in the fact that `dicard_all_messages` contained two paths that could lead to `head.block` being read but only one of them would swap the value. This meant that `dicard_all_messages` could end up observing a non-null block pointer (and therefore attempting to free it) without setting `head.block` to null. This would then lead to `Channel::drop` making a second attempt at dropping the same pointer.

The bug was introduced while fixing a memory leak, in
upstream [MR \#1084](https://github.com/crossbeam-rs/crossbeam/pull/1084),
first published in 0.5.12.

The fix is in
upstream [MR \#1187](https://github.com/crossbeam-rs/crossbeam/pull/1187)
and has been published in 0.5.15
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4574.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4574.json
1
reference_url https://access.redhat.com/security/cve/CVE-2025-4574
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T13:30:44Z/
url https://access.redhat.com/security/cve/CVE-2025-4574
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-4574
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33796
published_at 2026-04-21T12:55:00Z
1
value 0.00479
scoring_system epss
scoring_elements 0.64965
published_at 2026-04-02T12:55:00Z
2
value 0.00479
scoring_system epss
scoring_elements 0.64992
published_at 2026-04-04T12:55:00Z
3
value 0.00479
scoring_system epss
scoring_elements 0.64955
published_at 2026-04-07T12:55:00Z
4
value 0.00479
scoring_system epss
scoring_elements 0.65005
published_at 2026-04-08T12:55:00Z
5
value 0.00479
scoring_system epss
scoring_elements 0.65019
published_at 2026-04-09T12:55:00Z
6
value 0.00479
scoring_system epss
scoring_elements 0.65037
published_at 2026-04-11T12:55:00Z
7
value 0.00479
scoring_system epss
scoring_elements 0.65026
published_at 2026-04-12T12:55:00Z
8
value 0.00479
scoring_system epss
scoring_elements 0.64999
published_at 2026-04-13T12:55:00Z
9
value 0.00479
scoring_system epss
scoring_elements 0.65036
published_at 2026-04-16T12:55:00Z
10
value 0.00479
scoring_system epss
scoring_elements 0.65046
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-4574
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2358890
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T13:30:44Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2358890
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/crossbeam-rs/crossbeam
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/crossbeam-rs/crossbeam
6
reference_url https://github.com/crossbeam-rs/crossbeam/pull/1187
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T13:30:44Z/
url https://github.com/crossbeam-rs/crossbeam/pull/1187
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-4574
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-4574
8
reference_url https://rustsec.org/advisories/RUSTSEC-2025-0024.html
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2025-0024.html
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103987
reference_id 1103987
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103987
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11
reference_id cpe:/a:redhat:directory_server:11
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:11
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12
reference_id cpe:/a:redhat:directory_server:12
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:directory_server:12
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
reference_id cpe:/a:redhat:openshift:4
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_ai
reference_id cpe:/a:redhat:openshift_ai
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_ai
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
reference_id cpe:/a:redhat:satellite:6
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:trusted_artifact_signer:1
reference_id cpe:/a:redhat:trusted_artifact_signer:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:trusted_artifact_signer:1
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:trusted_profile_analyzer:1
reference_id cpe:/a:redhat:trusted_profile_analyzer:1
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:trusted_profile_analyzer:1
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:trusted_profile_analyzer:2
reference_id cpe:/a:redhat:trusted_profile_analyzer:2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:trusted_profile_analyzer:2
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
22
reference_url https://github.com/advisories/GHSA-pg9f-39pc-qf8g
reference_id GHSA-pg9f-39pc-qf8g
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-14T13:30:44Z/
url https://github.com/advisories/GHSA-pg9f-39pc-qf8g
fixed_packages
0
url pkg:deb/debian/rust-crossbeam-channel@0?distro=trixie
purl pkg:deb/debian/rust-crossbeam-channel@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-crossbeam-channel@0%3Fdistro=trixie
1
url pkg:deb/debian/rust-crossbeam-channel@0.4.4-1?distro=trixie
purl pkg:deb/debian/rust-crossbeam-channel@0.4.4-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-crossbeam-channel@0.4.4-1%3Fdistro=trixie
2
url pkg:deb/debian/rust-crossbeam-channel@0.5.6-1?distro=trixie
purl pkg:deb/debian/rust-crossbeam-channel@0.5.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-crossbeam-channel@0.5.6-1%3Fdistro=trixie
3
url pkg:deb/debian/rust-crossbeam-channel@0.5.15-1?distro=trixie
purl pkg:deb/debian/rust-crossbeam-channel@0.5.15-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-crossbeam-channel@0.5.15-1%3Fdistro=trixie
aliases CVE-2025-4574, GHSA-pg9f-39pc-qf8g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7vj2-6tfw-3fd4
1
url VCID-unmm-942j-gkh7
vulnerability_id VCID-unmm-942j-gkh7
summary 
crossbeam-channel Undefined Behavior before v0.4.4
### Impact

The affected version of this crate's the `bounded` channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements.

### Patches

This has been fixed in crossbeam-channel 0.4.4.

We recommend users to upgrade to 0.4.4.

### References

See https://github.com/crossbeam-rs/crossbeam/pull/533, https://github.com/crossbeam-rs/crossbeam/issues/539, and https://github.com/RustSec/advisory-db/pull/425 for more details.

### License

This advisory is in the public domain.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15254.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15254.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15254
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.66395
published_at 2026-04-21T12:55:00Z
1
value 0.0051
scoring_system epss
scoring_elements 0.66285
published_at 2026-04-01T12:55:00Z
2
value 0.0051
scoring_system epss
scoring_elements 0.66324
published_at 2026-04-02T12:55:00Z
3
value 0.0051
scoring_system epss
scoring_elements 0.66351
published_at 2026-04-04T12:55:00Z
4
value 0.0051
scoring_system epss
scoring_elements 0.66321
published_at 2026-04-07T12:55:00Z
5
value 0.0051
scoring_system epss
scoring_elements 0.66369
published_at 2026-04-08T12:55:00Z
6
value 0.0051
scoring_system epss
scoring_elements 0.66383
published_at 2026-04-09T12:55:00Z
7
value 0.0051
scoring_system epss
scoring_elements 0.66403
published_at 2026-04-11T12:55:00Z
8
value 0.0051
scoring_system epss
scoring_elements 0.6639
published_at 2026-04-12T12:55:00Z
9
value 0.0051
scoring_system epss
scoring_elements 0.66359
published_at 2026-04-13T12:55:00Z
10
value 0.0051
scoring_system epss
scoring_elements 0.66394
published_at 2026-04-16T12:55:00Z
11
value 0.0051
scoring_system epss
scoring_elements 0.6641
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15254
2
reference_url https://github.com/crossbeam-rs/crossbeam
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/crossbeam-rs/crossbeam
3
reference_url https://github.com/crossbeam-rs/crossbeam/issues/539
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/crossbeam-rs/crossbeam/issues/539
4
reference_url https://github.com/crossbeam-rs/crossbeam/pull/533
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/crossbeam-rs/crossbeam/pull/533
5
reference_url https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-v5m7-53cv-f3hx
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-v5m7-53cv-f3hx
6
reference_url https://github.com/RustSec/advisory-db/pull/425
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/RustSec/advisory-db/pull/425
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15254
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15254
8
reference_url https://rustsec.org/advisories/RUSTSEC-2020-0052.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2020-0052.html
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1963791
reference_id 1963791
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1963791
10
reference_url https://security.archlinux.org/ASA-202011-1
reference_id ASA-202011-1
reference_type
scores
url https://security.archlinux.org/ASA-202011-1
11
reference_url https://security.archlinux.org/AVG-1256
reference_id AVG-1256
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1256
12
reference_url https://github.com/advisories/GHSA-v5m7-53cv-f3hx
reference_id GHSA-v5m7-53cv-f3hx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v5m7-53cv-f3hx
13
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2020-45
reference_id mfsa2020-45
reference_type
scores
0
value high
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2020-45
14
reference_url https://usn.ubuntu.com/4599-1/
reference_id USN-4599-1
reference_type
scores
url https://usn.ubuntu.com/4599-1/
15
reference_url https://usn.ubuntu.com/4599-2/
reference_id USN-4599-2
reference_type
scores
url https://usn.ubuntu.com/4599-2/
fixed_packages
0
url pkg:deb/debian/rust-crossbeam-channel@0?distro=trixie
purl pkg:deb/debian/rust-crossbeam-channel@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-crossbeam-channel@0%3Fdistro=trixie
1
url pkg:deb/debian/rust-crossbeam-channel@0.4.4-1?distro=trixie
purl pkg:deb/debian/rust-crossbeam-channel@0.4.4-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-crossbeam-channel@0.4.4-1%3Fdistro=trixie
2
url pkg:deb/debian/rust-crossbeam-channel@0.5.6-1?distro=trixie
purl pkg:deb/debian/rust-crossbeam-channel@0.5.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-crossbeam-channel@0.5.6-1%3Fdistro=trixie
3
url pkg:deb/debian/rust-crossbeam-channel@0.5.15-1?distro=trixie
purl pkg:deb/debian/rust-crossbeam-channel@0.5.15-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-crossbeam-channel@0.5.15-1%3Fdistro=trixie
aliases CVE-2020-15254, GHSA-v5m7-53cv-f3hx
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-unmm-942j-gkh7
2
url VCID-w377-ghca-5fff
vulnerability_id VCID-w377-ghca-5fff
summary 
Incorrect buffer size in crossbeam-channel
The affected version of this crate's the bounded channel incorrectly assumes that Vec::from_iter has allocated capacity that same as the number of iterator elements. Vec::from_iter does not actually guarantee that and may allocate extra memory. The destructor of the bounded channel reconstructs Vec from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when Vec::from_iter has allocated different sizes with the number of iterator elements.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35904
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.17698
published_at 2026-04-21T12:55:00Z
1
value 0.00057
scoring_system epss
scoring_elements 0.17929
published_at 2026-04-04T12:55:00Z
2
value 0.00057
scoring_system epss
scoring_elements 0.1763
published_at 2026-04-07T12:55:00Z
3
value 0.00057
scoring_system epss
scoring_elements 0.17718
published_at 2026-04-08T12:55:00Z
4
value 0.00057
scoring_system epss
scoring_elements 0.17779
published_at 2026-04-09T12:55:00Z
5
value 0.00057
scoring_system epss
scoring_elements 0.17797
published_at 2026-04-11T12:55:00Z
6
value 0.00057
scoring_system epss
scoring_elements 0.17751
published_at 2026-04-12T12:55:00Z
7
value 0.00057
scoring_system epss
scoring_elements 0.17704
published_at 2026-04-13T12:55:00Z
8
value 0.00057
scoring_system epss
scoring_elements 0.17651
published_at 2026-04-16T12:55:00Z
9
value 0.00057
scoring_system epss
scoring_elements 0.17659
published_at 2026-04-18T12:55:00Z
10
value 0.00057
scoring_system epss
scoring_elements 0.17717
published_at 2026-04-01T12:55:00Z
11
value 0.00057
scoring_system epss
scoring_elements 0.17876
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35904
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35904
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35904
2
reference_url https://github.com/crossbeam-rs/crossbeam
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/crossbeam-rs/crossbeam
3
reference_url https://github.com/crossbeam-rs/crossbeam/pull/533
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/crossbeam-rs/crossbeam/pull/533
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35904
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35904
5
reference_url https://rustsec.org/advisories/RUSTSEC-2020-0052.html
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rustsec.org/advisories/RUSTSEC-2020-0052.html
6
reference_url https://github.com/advisories/GHSA-m8h8-v6jh-c762
reference_id GHSA-m8h8-v6jh-c762
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m8h8-v6jh-c762
fixed_packages
0
url pkg:deb/debian/rust-crossbeam-channel@0.4.4-1?distro=trixie
purl pkg:deb/debian/rust-crossbeam-channel@0.4.4-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-crossbeam-channel@0.4.4-1%3Fdistro=trixie
1
url pkg:deb/debian/rust-crossbeam-channel@0.5.6-1?distro=trixie
purl pkg:deb/debian/rust-crossbeam-channel@0.5.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-crossbeam-channel@0.5.6-1%3Fdistro=trixie
2
url pkg:deb/debian/rust-crossbeam-channel@0.5.15-1?distro=trixie
purl pkg:deb/debian/rust-crossbeam-channel@0.5.15-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-crossbeam-channel@0.5.15-1%3Fdistro=trixie
aliases CVE-2020-35904, GHSA-m8h8-v6jh-c762
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w377-ghca-5fff
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/rust-crossbeam-channel@0.4.4-1%3Fdistro=trixie