CVE-2021-32810
Last modified
CVE-2021-32810 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. EPSS estimates a 1.91% chance of exploitation in the next 30 days.
Description
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Crossbeam Project | Crossbeam | < 0.7.4 |
| Crossbeam Project | Crossbeam | >= 0.8.0, < 0.8.1 |
| Fedoraproject | Fedora | 34 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-32810?
How severe is CVE-2021-32810?
How do I fix CVE-2021-32810?
Are you affected by CVE-2021-32810?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST