RUSTSEC-2018-0009

MsQueue and SegQueue suffer from double-free

Issued
Package: crossbeam (crates.io)
Type: Vulnerability
Keywords: #concurrency #memory-management #memory-corruption
Aliases
Details: https://github.com/crossbeam-rs/crossbeam-epoch/issues/82
CVSS Score: 9.8 CRITICAL
CVSS Details:
  • Attack vector: Network
  • Attack complexity: Low
  • Privileges required: None
  • User interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Patched:
  • >=0.4.1
Unaffected:
  • <0.4.0
Description

Even after an element had been popped from a queue, crossbeam would still run its destructor inside the epoch-based garbage collector. This is a source of double frees.

The flaw was corrected by wrapping elements inside queues in a ManuallyDrop.
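
The double destructor run and the effect of ManuallyDrop, as an added single-threaded example that is not crossbeam's code: `Tracked`, `NodeBefore`, `NodeAfter` and both functions are hypothetical, and dropping the boxed node stands in for deferred reclamation by the epoch-based collector.

```rust
use std::cell::Cell;
use std::mem::ManuallyDrop;
use std::ptr;

// Constructed element type: its destructor only bumps a counter, so a second
// run is observable here without touching freed memory.
struct Tracked<'a>(&'a Cell<usize>);
impl Drop for Tracked<'_> {
    fn drop(&mut self) {
        self.0.set(self.0.get() + 1);
    }
}

// Hypothetical node layouts (not crossbeam's types).
struct NodeBefore<T> { value: T }               // freeing the node drops T
struct NodeAfter<T> { value: ManuallyDrop<T> }  // freeing the node leaves T alone

/// Flawed shape: pop copies the element out, later reclamation drops it again.
fn destructor_runs_before() -> usize {
    let drops = Cell::new(0);
    let node = Box::new(NodeBefore { value: Tracked(&drops) });
    let popped = unsafe { ptr::read(&node.value) }; // pop: caller now owns the element
    drop(popped); // caller is done with it: destructor run 1
    drop(node);   // stand-in for deferred reclamation: destructor run 2
    drops.get()
}

/// Corrected shape: the slot is ManuallyDrop, so only the caller's copy is dropped.
fn destructor_runs_after() -> usize {
    let drops = Cell::new(0);
    let node = Box::new(NodeAfter { value: ManuallyDrop::new(Tracked(&drops)) });
    let popped = unsafe { ptr::read(&*node.value) };
    drop(popped); // destructor run 1
    drop(node);   // node memory is freed, element destructor is not run
    drops.get()
}

fn main() {
    println!("before: {} destructor runs", destructor_runs_before());
    println!("after:  {} destructor runs", destructor_runs_after());
}
```

With an element type that owns heap memory, such as a `Box` or `String`, the second destructor run in the first function would be a real double free. A container that stores `ManuallyDrop<T>` must itself drop any elements that were never popped.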

Thanks to @c0gent for reporting the issue.