crates.io package
crossbeam-channel
pkg:cargo/crossbeam-channel
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-4574 | Med | 6.5 | >= 0.5.12, < 0.5.15 | 0.5.15 | May 13, 2025 | In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption. | |
| CVE-2020-35904 | — | >= 0.4.3, < 0.4.4 | 0.4.4 | Dec 31, 2020 | An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are. | ||
| CVE-2020-15254 | — | >= 0.4.3, < 0.4.4 | 0.4.4 | Oct 16, 2020 | Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that |
- affected >= 0.5.12, < 0.5.15fixed 0.5.15
In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
- CVE-2020-35904Dec 31, 2020affected >= 0.4.3, < 0.4.4fixed 0.4.4
An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are.
- CVE-2020-15254Oct 16, 2020affected >= 0.4.3, < 0.4.4fixed 0.4.4
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that