Search for vulnerabilities
Vulnerability details: VCID-zgn9-p6eq-83g1
Vulnerability ID VCID-zgn9-p6eq-83g1
Aliases GHSA-w443-5h3j-jqcp
Summary Duplicate Advisory: crossbeam-channel Vulnerable to Double Free on Drop ### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pg9f-39pc-qf8g. This link is maintained to preserve external references. ### Original Description In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-415 Double Free
System Score Found at
cvssv3.1 6.5 https://access.redhat.com/security/cve/CVE-2025-4574
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2025-4574
cvssv3.1 6.5 https://bugzilla.redhat.com/show_bug.cgi?id=2358890
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2358890
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-w443-5h3j-jqcp
cvssv3.1 6.5 https://github.com/crossbeam-rs/crossbeam/pull/1187
generic_textual MODERATE https://github.com/crossbeam-rs/crossbeam/pull/1187
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2025-4574
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2025-4574
Reference id Reference type URL
https://access.redhat.com/security/cve/CVE-2025-4574
https://bugzilla.redhat.com/show_bug.cgi?id=2358890
https://github.com/crossbeam-rs/crossbeam/pull/1187
https://nvd.nist.gov/vuln/detail/CVE-2025-4574
GHSA-w443-5h3j-jqcp https://github.com/advisories/GHSA-w443-5h3j-jqcp
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://access.redhat.com/security/cve/CVE-2025-4574
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=2358890
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://github.com/crossbeam-rs/crossbeam/pull/1187
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2025-4574
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2025-07-31T08:39:28.246922+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/05/GHSA-w443-5h3j-jqcp/GHSA-w443-5h3j-jqcp.json 37.0.0