VYPR
High severityNVD Advisory· Published Feb 15, 2022· Updated Apr 22, 2025

Improper Restriction of Operations within the Bounds of a Memory Buffer and Race Condition in crossbeam-utils

CVE-2022-23639

Description

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of {i,u}64 was always the same as Atomic{I,U}64. However, the alignment of {i,u}64 on a 32-bit target can be smaller than Atomic{I,U}64. This can cause unaligned memory accesses and data race. Crates using fetch_* methods with AtomicCell<{i,u}64> are affected by this issue. 32-bit targets without Atomic{I,U}64 and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
crossbeam-utilscrates.io
< 0.8.70.8.7

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.