Crossbeam Project Crossbeam vulnerabilities

CVE-2022-23639 [HIGH] CWE-362 CVE-2022-23639: crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities fo crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}6

CVE-2021-32810 [CRITICAL] CWE-362 CVE-2021-32810: crossbeam-deque is a package of work-stealing deques for building task schedulers when programming i crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can

CVE-2020-15254 [CRITICAL] CWE-119 CVE-2020-15254: Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, t Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channe

CVE-2018-20996 [CRITICAL] CWE-415 CVE-2018-20996: An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling.