Package details: pkg:cargo/crossbeam-channel@0.4.4
purl pkg:cargo/crossbeam-channel@0.4.4
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-br15-895f-aaap | An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are. | CVE-2020-35904, GHSA-m8h8-v6jh-c762 |
| VCID-nxf6-b31u-aaac | Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that is the same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumption described above. This is unsound and causes deallocation with the incorrect capacity when `Vec::from_iter` has allocated a different size from the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4. | CVE-2020-15254, GHSA-v5m7-53cv-f3hx |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-10-07T18:42:35.149764+00:00 | GHSA Importer | Fixing | VCID-br15-895f-aaap | https://github.com/advisories/GHSA-m8h8-v6jh-c762 | 34.0.2 |
| 2024-10-07T18:27:46.622428+00:00 | GHSA Importer | Fixing | VCID-nxf6-b31u-aaac | https://github.com/advisories/GHSA-v5m7-53cv-f3hx | 34.0.2 |
| 2024-09-17T22:20:40.941256+00:00 | GHSA Importer | Fixing | VCID-nxf6-b31u-aaac | https://github.com/advisories/GHSA-v5m7-53cv-f3hx | 34.0.1 |
| 2024-09-17T22:20:40.831598+00:00 | GHSA Importer | Fixing | VCID-br15-895f-aaap | https://github.com/advisories/GHSA-m8h8-v6jh-c762 | 34.0.1 |