CVE-2025-65947
Description
thread-amount is a tool that gets the amount of threads in the current process. Prior to version 0.2.2, there are resource leaks when querying thread counts on Windows and Apple platforms. In Windows platforms, the thread_amount function calls CreateToolhelp32Snapshot but fails to close the returned HANDLE using CloseHandle. Repeated calls to this function will cause the handle count of the process to grow indefinitely, eventually leading to system instability or process termination when the handle limit is reached. In Apple platforms, the thread_amount function calls task_threads (via Mach kernel APIs) which allocates memory for the thread list. The function fails to deallocate this memory using vm_deallocate. Repeated calls will result in a steady memory leak, eventually causing the process to be killed by the OOM (Out of Memory) killer. This issue has been patched in version 0.2.2.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
thread-amountcrates.io | < 0.2.2 | 0.2.2 |
Affected products
1- Range: v0.2.0, v0.2.1
Patches
128860d4a3828fix: memory leak on windows, macos, and ios (#29)
2 files changed · +23 −13
src/osx.rs+20 −13 modified@@ -1,24 +1,31 @@ use std::num::NonZeroUsize; +use std::{mem, ptr}; use mach2::kern_return::KERN_SUCCESS; +use mach2::mach_types::thread_act_array_t; +use mach2::message::mach_msg_type_number_t; +use mach2::port::mach_port_t; use mach2::task::task_threads; use mach2::traps::mach_task_self; +use mach2::vm::mach_vm_deallocate; +use mach2::vm_types::{mach_vm_address_t, mach_vm_size_t}; pub(crate) fn thread_amount() -> Option<NonZeroUsize> { - let mut state = [0u32; 1296]; - let mut count: u32 = 0; - let rc = unsafe { - task_threads( - mach_task_self(), - &mut state.as_mut_ptr() as *mut *mut u32, - &mut count as *mut _, - ) - }; + unsafe { + let task = mach_task_self(); + let mut thread_list: thread_act_array_t = ptr::null_mut(); + let mut count: mach_msg_type_number_t = 0; + let rc = task_threads(task, &mut thread_list, &mut count); - if rc == KERN_SUCCESS { - NonZeroUsize::new(usize::try_from(count).expect("Failed converting from u32 to usize")) - } else { - None + if rc != KERN_SUCCESS { + return None; + } + + let result = NonZeroUsize::new(count as usize); + let size = (count as usize * mem::size_of::<mach_port_t>()) as mach_vm_size_t; + let _ = mach_vm_deallocate(task, thread_list as mach_vm_address_t, size); + + result } }
src/windows.rs+3 −0 modified@@ -2,6 +2,7 @@ use std::num::NonZeroUsize; use std::{mem, process, ptr}; use field_offset::offset_of; +use windows::Win32::Foundation::CloseHandle; use windows::Win32::System::Diagnostics::ToolHelp::{ CreateToolhelp32Snapshot, Thread32First, @@ -39,6 +40,8 @@ pub(crate) fn thread_amount() -> Option<NonZeroUsize> { } } } + + CloseHandle(handle).expect("Failed closing handle"); } NonZeroUsize::new(amount)
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-jf9p-2fv9-2jp2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-65947ghsaADVISORY
- github.com/jzeuzs/thread-amount/commit/28860d4a38286609cb884c13b5b7941edc2390e5nvdWEB
- github.com/jzeuzs/thread-amount/pull/29nvdWEB
- github.com/jzeuzs/thread-amount/security/advisories/GHSA-jf9p-2fv9-2jp2nvdWEB
- rustsec.org/advisories/RUSTSEC-2025-0125.htmlghsaWEB
News mentions
0No linked articles in our index yet.