CVE-2018-20996Double Free in Project Crossbeam

CWE-415Double Free7 documents5 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 37.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Crossbeam Project CrossbeamDebian Rust-crossbeam-epoch
Timeline
PublishedAug 26
Latest updateAug 25

Description

An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

crates.iocrossbeam_project/crossbeam0.4.00.4.1

🔴Vulnerability Details

4
OSV
Double free in crossbeam2021-08-25
GHSA
Double free in crossbeam2021-08-25
OSV
CVE-2018-20996: An issue was discovered in the crossbeam crate before 02019-08-26
OSV
MsQueue and SegQueue suffer from double-free2018-12-09

📋Vendor Advisories

1
Debian
CVE-2018-20996: rust-crossbeam-epoch - An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a...2018

📄Research Papers

1
arXiv
Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEs2021-02-25
CVE-2018-20996 — Double Free in Project Crossbeam | cvebase