Search for packages
| purl | pkg:cargo/crossbeam-channel@0.5.12 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7vj2-6tfw-3fd4
Aliases: CVE-2025-4574 GHSA-pg9f-39pc-qf8g |
crossbeam-channel Vulnerable to Double Free on Drop The internal `Channel` type's `Drop` method has a race which could, in some circumstances, lead to a double-free. This could result in memory corruption. Quoting from the [upstream description in merge request \#1187](https://github.com/crossbeam-rs/crossbeam/pull/1187#issue-2980761131): > The problem lies in the fact that `dicard_all_messages` contained two paths that could lead to `head.block` being read but only one of them would swap the value. This meant that `dicard_all_messages` could end up observing a non-null block pointer (and therefore attempting to free it) without setting `head.block` to null. This would then lead to `Channel::drop` making a second attempt at dropping the same pointer. The bug was introduced while fixing a memory leak, in upstream [MR \#1084](https://github.com/crossbeam-rs/crossbeam/pull/1084), first published in 0.5.12. The fix is in upstream [MR \#1187](https://github.com/crossbeam-rs/crossbeam/pull/1187) and has been published in 0.5.15 |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-07T04:57:35.269023+00:00 | GHSA Importer | Affected by | VCID-7vj2-6tfw-3fd4 | https://github.com/advisories/GHSA-pg9f-39pc-qf8g | 38.1.0 |