RustSec logo

HistoryEditJSON (OSV)

RUSTSEC-2026-0204

Invalid pointer dereference in fmt::Pointer impl for Atomic and Shared when the underlying pointer is invalid

Reported
Issued
Package
crossbeam-epoch (crates.io)
Type
Vulnerability
Keywords
#NULL-pointer-dereference
References
Patched
  • >=0.9.20
Unaffected
  • <0.9.0

Description

Affected versions of fmt::Display dereference the underlying pointer. This causes a invalid pointer dereference e.g., when a pointer created with Atomic::null or Shared::null. fmt::Debug impls and pre-0.9 fmt::Display impls, which do not dereference pointers, are not affected by this issue.

Advisory available under CC0-1.0 license.