Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2020-15254

Published: 16/10/2020 Updated: 05/08/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

crossbeam project crossbeam

Vendor Advisories

Mozilla: Security Vulnerabilities fixed in Firefox 82
Mozilla Foundation Security Advisory 2020-45 Security Vulnerabilities fixed in Firefox 82 Announced October 20, 2020 Impact high Products Firefox Fixed in Firefox 82 ...
Arch Linux Issues:
An undefined behaviour leading to memory corruption issues has been found in the crossbeam rust crate <= 043 The "bounded" channel incorrectly assumes that "Vec::from_iter" has allocated enough capacity for the number of iterator elements "Vec::from_iter" does not actually guarantee that and may allocate extra memory The destructor of the " ...

References

CWE-401https://github.com/RustSec/advisory-db/pull/425https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-v5m7-53cv-f3hxhttps://github.com/crossbeam-rs/crossbeam/issues/539https://github.com/crossbeam-rs/crossbeam/pull/533https://nvd.nist.govhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-45/https://security.archlinux.org/CVE-2020-15254
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367CVE-2024-3611CVE-2024-4947CVE-2024-32988CVE-2020-35165local file inclusionCVE-2024-4980bypassmalicious code‎
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook