Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1yd2Y0LWd4NjItcnFmd84AArcp

`MsQueue` `push`/`pop` use the wrong orderings

Affected versions of this crate use orderings which are too weak to support this data structure.
It is likely this has caused memory corruption in the wild: https://github.com/crossbeam-rs/crossbeam/issues/97#issuecomment-412785919.

Permalink: https://github.com/advisories/GHSA-rwf4-gx62-rqfw
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yd2Y0LWd4NjItcnFmd84AArcp
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago


Identifiers: GHSA-rwf4-gx62-rqfw
References: Repository: https://github.com/crossbeam-rs/crossbeam
Blast Radius: 0.0

Affected Packages

cargo:crossbeam
Dependent packages: 1,001
Dependent repositories: 7,971
Downloads: 44,275,881 total
Affected Version Ranges: < 0.3.0
Fixed in: 0.3.0
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.2.10, 0.2.11, 0.2.12
All unaffected versions: 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.4.1, 0.5.0, 0.6.0, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4