Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yd2Y0LWd4NjItcnFmd84AArcp
`MsQueue` `push`/`pop` use the wrong orderings
Affected versions of this crate use atomic memory orderings that are too weak to support this data structure.
It is likely this has caused memory corruption in the wild: https://github.com/crossbeam-rs/crossbeam/issues/97#issuecomment-412785919.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yd2Y0LWd4NjItcnFmd84AArcp
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago
Identifiers: GHSA-rwf4-gx62-rqfw
References:
- https://github.com/crossbeam-rs/crossbeam/issues/97#issuecomment-412785919
- https://github.com/crossbeam-rs/crossbeam/pull/98
- https://rustsec.org/advisories/RUSTSEC-2022-0029.html
- https://github.com/advisories/GHSA-rwf4-gx62-rqfw
Blast Radius: 0.0
Affected Packages
cargo:crossbeam
Dependent packages: 1,001
Dependent repositories: 7,971
Downloads: 44,275,881 total
Affected Version Ranges: < 0.3.0
Fixed in: 0.3.0
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.2.10, 0.2.11, 0.2.12
All unaffected versions: 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.4.1, 0.5.0, 0.6.0, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4