{"id":"GHSA-v5m7-53cv-f3hx","summary":"crossbeam-channel Undefined Behavior before v0.4.4","details":"### Impact\n\nThe affected version of this crate's the `bounded` channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements.\n\n### Patches\n\nThis has been fixed in crossbeam-channel 0.4.4.\n\nWe recommend users to upgrade to 0.4.4.\n\n### References\n\nSee https://github.com/crossbeam-rs/crossbeam/pull/533, https://github.com/crossbeam-rs/crossbeam/issues/539, and https://github.com/RustSec/advisory-db/pull/425 for more details.\n\n### License\n\nThis advisory is in the public domain.","aliases":["CVE-2020-15254","CVE-2020-35904","GHSA-m8h8-v6jh-c762","RUSTSEC-2020-0052"],"modified":"2026-03-13T22:14:31.977494Z","published":"2021-08-25T21:01:13Z","related":["CVE-2020-15254"],"database_specific":{"github_reviewed":true,"cwe_ids":["CWE-119","CWE-401"],"severity":"HIGH","github_reviewed_at":"2021-08-03T22:53:34Z","nvd_published_at":"2020-10-16T17:15:00Z"},"references":[{"type":"WEB","url":"https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-v5m7-53cv-f3hx"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15254"},{"type":"WEB","url":"https://github.com/crossbeam-rs/crossbeam/issues/539"},{"type":"WEB","url":"https://github.com/RustSec/advisory-db/pull/425"},{"type":"WEB","url":"https://github.com/crossbeam-rs/crossbeam/pull/533"},{"type":"PACKAGE","url":"https://github.com/crossbeam-rs/crossbeam"},{"type":"WEB","url":"https://rustsec.org/advisories/RUSTSEC-2020-0052.html"}],"affected":[{"package":{"name":"crossbeam-channel","ecosystem":"crates.io","purl":"pkg:cargo/crossbeam-channel"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.4.3"},{"fixed":"0.4.4"}]}],"versions":["0.4.3"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-v5m7-53cv-f3hx/GHSA-v5m7-53cv-f3hx.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}