Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Undefined Behavior in bounded Crossbeam channel
Vulnerability Description
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that and may allocate extra memory. The destructor of the `bounded` channel reconstructs `Vec` from the raw pointer based on the incorrect assumes described above. This is unsound and causing deallocation with the incorrect capacity when `Vec::from_iter` has allocated different sizes with the number of iterator elements. This has been fixed in crossbeam-channel 0.4.4.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Vulnerability Title
Crossbeam 缓冲区错误漏洞
Vulnerability Description
Crossbeam是个人开发者的一个应用于并发编程的工具。 Crossbeam crossbeam-channel 0.4.4之前版本存在缓冲区错误漏洞,该漏洞源于Vec::from iter分配内存与迭代器数量不一致。
CVSS Information
N/A
Vulnerability Type
N/A