{"id":"CVE-2021-32810","details":"crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.","aliases":["GHSA-pqqp-xmhj-wgcw","RUSTSEC-2021-0093"],"modified":"2026-04-10T04:33:14.444620Z","published":"2021-08-02T19:15:08.280Z","related":["GHSA-pqqp-xmhj-wgcw","MGASA-2021-0469","MGASA-2021-0478","SUSE-SU-2021:14826-1","SUSE-SU-2021:3331-1","SUSE-SU-2021:3446-1","SUSE-SU-2021:3451-1","SUSE-SU-2021:4150-1","openSUSE-SU-2021:1367-1","openSUSE-SU-2021:1635-1","openSUSE-SU-2021:3331-1","openSUSE-SU-2021:3451-1","openSUSE-SU-2021:4150-1","openSUSE-SU-2024:11570-1","openSUSE-SU-2024:11571-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/"},{"type":"ADVISORY","url":"https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/crossbeam-rs/crossbeam","events":[{"introduced":"0"},{"fixed":"048513769238eda1876bcc61b131b2ece32f87dd"},{"introduced":"d9dfc9e1ffabcb3c01addad14878f16c2795c371"},{"fixed":"99c3230b263202aca56497b1f8e418a7b3647a23"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.7.4"},{"introduced":"0.8.0"},{"fixed":"0.8.1"}]}}],"versions":["0.2.10","crossbeam-0.5.0","crossbeam-0.6.0","crossbeam-0.7.0","crossbeam-0.7.1","crossbeam-0.7.2","crossbeam-0.7.3","crossbeam-0.8.0","crossbeam-channel-0.3.1","crossbeam-channel-0.3.2","crossbeam-channel-0.3.3","crossbeam-channel-0.3.4","crossbeam-channel-0.3.5","crossbeam-channel-0.3.6","crossbeam-channel-0.3.7","crossbeam-channel-0.3.8","crossbeam-channel-0.3.9","crossbeam-channel-0.4.0","crossbeam-channel-0.4.2","crossbeam-channel-0.4.4","crossbeam-channel-0.5.0","crossbeam-deque-0.6.2","crossbeam-deque-0.6.3","crossbeam-deque-0.7.0","crossbeam-deque-0.7.1","crossbeam-deque-0.7.2","crossbeam-deque-0.8.0","crossbeam-epoch-0.6.1","crossbeam-epoch-0.7.0","crossbeam-epoch-0.7.1","crossbeam-epoch-0.7.2","crossbeam-epoch-0.8.0","crossbeam-epoch-0.8.2","crossbeam-epoch-0.9.0","crossbeam-queue-0.1.0","crossbeam-queue-0.1.1","crossbeam-queue-0.1.2","crossbeam-queue-0.2.0","crossbeam-queue-0.2.1","crossbeam-queue-0.2.3","crossbeam-queue-0.3.0","crossbeam-utils-0.6.0","crossbeam-utils-0.6.1","crossbeam-utils-0.6.2","crossbeam-utils-0.6.3","crossbeam-utils-0.6.4","crossbeam-utils-0.6.5","crossbeam-utils-0.6.6","crossbeam-utils-0.7.0","crossbeam-utils-0.7.2","crossbeam-utils-0.8.0","v0.3.0","v0.3.1","v0.3.2","v0.4.0","v0.4.1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"34"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32810.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}