{"id":"RUSTSEC-2018-0009","summary":"MsQueue and SegQueue suffer from double-free","details":"Even if an element is popped from a queue, crossbeam would run its\ndestructor inside the epoch-based garbage collector. This is a source\nof double frees.\n\nThe flaw was corrected by wrapping elements inside queues in a\n`ManuallyDrop`.\n\nThanks to @c0gent for reporting the issue.","aliases":["CVE-2018-20996","GHSA-c3cw-c387-pj65"],"modified":"2023-11-08T04:00:13.679223Z","published":"2018-12-09T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/crossbeam"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2018-0009.html"},{"type":"REPORT","url":"https://github.com/crossbeam-rs/crossbeam-epoch/issues/82"}],"affected":[{"package":{"name":"crossbeam","ecosystem":"crates.io","purl":"pkg:cargo/crossbeam"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.4.0"},{"fixed":"0.4.1"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"os":[],"functions":[],"arch":[]}},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2018-0009.json","cvss":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","informational":null,"categories":[]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}