{"ecosystem":"cargo","package":"crossbeam","version":null,"bugs":[{"id":954,"ecosystem":"cargo","package_name":"crossbeam","affected_version":"0.0.0-0","fixed_version":"0.3.0","bug_id":"osv:RUSTSEC-2022-0029","title":"`MsQueue` `push`/`pop` use the wrong orderings","description":"Affected versions of this crate use orderings which are too weak to support this data structure.\nIt is likely this has caused memory corruption in the wild: <https://github.com/crossbeam-rs/crossbeam/issues/97#issuecomment-412785919>.","severity":"medium","status":"fixed","source":"osv","source_url":"https://crates.io/crates/crossbeam","labels":["GHSA-rwf4-gx62-rqfw"],"created_at":"2026-04-19T04:32:22.477963+00:00","updated_at":"2026-04-19T04:32:22.477963+00:00"},{"id":953,"ecosystem":"cargo","package_name":"crossbeam","affected_version":"0.0.0-0","fixed_version":"0.7.0","bug_id":"osv:RUSTSEC-2022-0020","title":"`SegQueue` creates zero value of any type","description":"Affected versions of this crate called `mem::zeroed()` to create values of a user-supplied type `T`.\nThis is unsound e.g. if `T` is a reference type (which must be non-null).\n \nThe flaw was corrected by avoiding the use of `mem::zeroed()`, using `MaybeUninit` instead.","severity":"medium","status":"fixed","source":"osv","source_url":"https://crates.io/crates/crossbeam","labels":["GHSA-8gj8-hv75-gp94"],"created_at":"2026-04-19T04:32:22.477413+00:00","updated_at":"2026-04-19T04:32:22.477413+00:00"},{"id":952,"ecosystem":"cargo","package_name":"crossbeam","affected_version":"0.4.0","fixed_version":"0.4.1","bug_id":"osv:RUSTSEC-2018-0009","title":"MsQueue and SegQueue suffer from double-free","description":"Even if an element is popped from a queue, crossbeam would run its\ndestructor inside the epoch-based garbage collector. This is a source\nof double frees.\n\nThe flaw was corrected by wrapping elements inside queues in a\n`ManuallyDrop`.\n\nThanks to @c0gent for reporting the issue.","severity":"medium","status":"fixed","source":"osv","source_url":"https://crates.io/crates/crossbeam","labels":["CVE-2018-20996","GHSA-c3cw-c387-pj65"],"created_at":"2026-04-19T04:32:22.476895+00:00","updated_at":"2026-04-19T04:32:22.476895+00:00"},{"id":951,"ecosystem":"cargo","package_name":"crossbeam","affected_version":null,"fixed_version":"0.3.0","bug_id":"osv:GHSA-rwf4-gx62-rqfw","title":"`MsQueue` `push`/`pop` use the wrong orderings","description":"Affected versions of this crate use orderings which are too weak to support this data structure.\nIt is likely this has caused memory corruption in the wild: <https://github.com/crossbeam-rs/crossbeam/issues/97#issuecomment-412785919>.\n","severity":"medium","status":"fixed","source":"osv","source_url":"https://github.com/crossbeam-rs/crossbeam/issues/97#issuecomment-412785919","labels":["RUSTSEC-2022-0029"],"created_at":"2026-04-19T04:32:22.476344+00:00","updated_at":"2026-04-19T04:32:22.476344+00:00"},{"id":949,"ecosystem":"cargo","package_name":"crossbeam","affected_version":null,"fixed_version":"0.7.0","bug_id":"osv:GHSA-8gj8-hv75-gp94","title":"`SegQueue` creates zero value of any type","description":"Affected versions of this crate called `mem::zeroed()` to create values of a user-supplied type `T`.\nThis is unsound e.g. if `T` is a reference type (which must be non-null).\n \nThe flaw was corrected by avoiding the use of `mem::zeroed()`, using `MaybeUninit` instead.\n","severity":"medium","status":"fixed","source":"osv","source_url":"https://github.com/crossbeam-rs/crossbeam/pull/458","labels":["RUSTSEC-2022-0020"],"created_at":"2026-04-19T04:32:22.474330+00:00","updated_at":"2026-04-19T04:32:22.474330+00:00"},{"id":950,"ecosystem":"cargo","package_name":"crossbeam","affected_version":"0.4.0","fixed_version":"0.4.1","bug_id":"osv:GHSA-c3cw-c387-pj65","title":"Double free in crossbeam","description":"Even if an element is popped from a queue, crossbeam would run its destructor inside the epoch-based garbage collector. This is a source of double frees.\n\nThe flaw was corrected by wrapping elements inside queues in a ManuallyDrop.","severity":"critical","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20996","labels":["CVE-2018-20996","RUSTSEC-2018-0009"],"created_at":"2026-04-19T04:32:22.475468+00:00","updated_at":"2026-04-19T04:32:22.475468+00:00"}],"total":6,"_cache":"miss"}