{"id":"CVE-2020-15254","details":"Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that is the same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumption described above. This is unsound and causes deallocation with the incorrect capacity when `Vec::from_iter` has allocated a capacity different from the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4.","aliases":["CVE-2020-35904","GHSA-m8h8-v6jh-c762","GHSA-v5m7-53cv-f3hx","RUSTSEC-2020-0052"],"modified":"2026-04-10T04:22:52.893457Z","published":"2020-10-16T17:15:12.057Z","related":["GHSA-v5m7-53cv-f3hx","openSUSE-SU-2024:10600-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-v5m7-53cv-f3hx"},{"type":"FIX","url":"https://github.com/RustSec/advisory-db/pull/425"},{"type":"FIX","url":"https://github.com/crossbeam-rs/crossbeam/pull/533"},{"type":"EVIDENCE","url":"https://github.com/crossbeam-rs/crossbeam/issues/539"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/crossbeam-rs/crossbeam","events":[{"introduced":"0"},{"fixed":"48b13dc43cf19e0544d03d16f4b3da3d8b23f076"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.4.4"}]}}],"versions":["0.2.10","crossbeam-0.5.0","crossbeam-0.6.0","crossbeam-0.7.0","crossbeam-0.7.1","crossbeam-0.7.2","crossbeam-0.7.3","crossbeam-channel-0.3.1","crossbeam-channel-0.3.2","crossbeam-channel-0.3.3","crossbeam-channel-0.3.4","crossbeam-channel-0.3.5","crossbeam-channel-0.3.6","crossbeam-channel-0.3.7","crossbeam-channel-0.3.8","crossbeam-channel-0.3.9","crossbeam-channel-0.4.0","crossbeam-channel-0.4.2","crossbeam-deque-0.6.2","crossbeam-deque-0.6.3"
,"crossbeam-deque-0.7.0","crossbeam-deque-0.7.1","crossbeam-deque-0.7.2","crossbeam-epoch-0.6.1","crossbeam-epoch-0.7.0","crossbeam-epoch-0.7.1","crossbeam-epoch-0.7.2","crossbeam-epoch-0.8.0","crossbeam-epoch-0.8.2","crossbeam-queue-0.1.0","crossbeam-queue-0.1.1","crossbeam-queue-0.1.2","crossbeam-queue-0.2.0","crossbeam-queue-0.2.1","crossbeam-queue-0.2.3","crossbeam-utils-0.6.0","crossbeam-utils-0.6.1","crossbeam-utils-0.6.2","crossbeam-utils-0.6.3","crossbeam-utils-0.6.4","crossbeam-utils-0.6.5","crossbeam-utils-0.6.6","crossbeam-utils-0.7.0","crossbeam-utils-0.7.2","v0.3.0","v0.3.1","v0.3.2","v0.4.0","v0.4.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15254.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}