Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
| Link | Tags |
|---|---|
| https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-v5m7-53cv-f3hx | third party advisory |
| https://github.com/crossbeam-rs/crossbeam/issues/539 | third party advisory exploit |
| https://github.com/crossbeam-rs/crossbeam/pull/533 | patch third party advisory exploit |
| https://github.com/RustSec/advisory-db/pull/425 | third party advisory patch |