Search for vulnerabilities
| Vulnerability ID | VCID-hdx5-y848-3ke8 |
| Aliases |
CVE-2020-35904
GHSA-m8h8-v6jh-c762 |
| Summary | Incorrect buffer size in crossbeam-channel The affected version of this crate's the bounded channel incorrectly assumes that Vec::from_iter has allocated capacity that same as the number of iterator elements. Vec::from_iter does not actually guarantee that and may allocate extra memory. The destructor of the bounded channel reconstructs Vec from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when Vec::from_iter has allocated different sizes with the number of iterator elements. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 6.2 |
| Risk | 3.1 |
| Affected and Fixed Packages | Package Details |
| Reference id | Reference type | URL |
|---|---|---|
| https://api.first.org/data/v1/epss?cve=CVE-2020-35904 | ||
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35904 | ||
| https://github.com/crossbeam-rs/crossbeam | ||
| https://github.com/crossbeam-rs/crossbeam/pull/533 | ||
| https://nvd.nist.gov/vuln/detail/CVE-2020-35904 | ||
| https://rustsec.org/advisories/RUSTSEC-2020-0052.html | ||
| cpe:2.3:a:crossbeam-channel_project:crossbeam-channel:*:*:*:*:*:rust:*:* | https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:crossbeam-channel_project:crossbeam-channel:*:*:*:*:*:rust:*:* | |
| GHSA-m8h8-v6jh-c762 | https://github.com/advisories/GHSA-m8h8-v6jh-c762 |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Exploitability (E) | Access Vector (AV) | Access Complexity (AC) | Authentication (Au) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|
high functional unproven proof_of_concept not_defined |
local adjacent_network network |
high medium low |
multiple single none |
none partial complete |
none partial complete |
none partial complete |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Attack Vector (AV) | Attack Complexity (AC) | Privileges Required (PR) | User Interaction (UI) | Scope (S) | Confidentiality Impact (C) | Integrity Impact (I) | Availability Impact (A) |
|---|---|---|---|---|---|---|---|
network adjacent_network local physical |
low high |
none low high |
none required |
unchanged changed |
high low none |
high low none |
high low none |
| Percentile | 0.1774 |
| EPSS Score | 0.00057 |
| Published At | July 30, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T08:51:20.150816+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-m8h8-v6jh-c762/GHSA-m8h8-v6jh-c762.json | 37.0.0 |