CVE-2020-15254Improper Restriction of Operations within the Bounds of a Memory Buffer in Crossbeam

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-401Missing Release of Memory after Effective Lifetime12 documents8 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 33.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Crossbeam-rs CrossbeamCrossbeam Project CrossbeamMozilla Firefox+3 more
Timeline
PublishedOct 16
Latest updateAug 25

Description

Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect c

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

debiandebian/rust-crossbeam-channel< firefox 82.0-1 (sid)
CVEListV5crossbeam-rs/crossbeam< 0.4.4
debiandebian/firefox< firefox 82.0-1 (sid)
Ubuntumozilla/firefox< 82.0+build2-0ubuntu0.16.04.5+2

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

5
OSV
crossbeam-channel Undefined Behavior before v0.4.42021-08-25
GHSA
crossbeam-channel Undefined Behavior before v0.4.42021-08-25
OSV
Incorrect buffer size in crossbeam-channel2021-08-25
OSV
CVE-2020-15254: Crossbeam is a set of tools for concurrent programming2020-10-22
OSV
Undefined Behavior in bounded channel2020-06-26

📋Vendor Advisories

6
Ubuntu
Firefox vulnerabilities2020-10-26
Ubuntu
Firefox vulnerabilities2020-10-23
Red Hat
Mozilla: Undefined behavior in bounded channel of crossbeam rust crate2020-10-20
Microsoft
Undefined Behavior in bounded Crossbeam channel2020-10-13
Debian
CVE-2020-15254: firefox - Crossbeam is a set of tools for concurrent programming. In crossbeam-channel bef...2020
CVE-2020-15254 — Crossbeam-rs Crossbeam vulnerability | cvebase