FKIE_CVE-2021-32810

Vulnerability from fkie_nvd - Published: 2021-08-02 19:15 - Updated: 2024-11-21 06:07
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.
References
security-advisories@github.comhttps://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcwThird Party Advisory
security-advisories@github.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/
security-advisories@github.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/
security-advisories@github.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/
security-advisories@github.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/
security-advisories@github.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/
security-advisories@github.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/
security-advisories@github.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/
security-advisories@github.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/
security-advisories@github.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/
security-advisories@github.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/
security-advisories@github.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/
security-advisories@github.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/
security-advisories@github.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/
security-advisories@github.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/
af854a3a-2127-422b-91ae-364da2661108https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcwThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/
Impacted products
Vendor Product Version
crossbeam_project crossbeam *
crossbeam_project crossbeam *
fedoraproject fedora 34
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:crossbeam_project:crossbeam:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E58599A-A962-4F81-B286-05F7FBD752D0",
              "versionEndExcluding": "0.7.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:crossbeam_project:crossbeam:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF8EE28D-2936-4A23-A3FC-B264A9EBD47D",
              "versionEndExcluding": "0.8.1",
              "versionStartIncluding": "0.8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4."
    },
    {
      "lang": "es",
      "value": "crossbeam-deque es un paquete de deques work-stealing para construir programadores de tareas cuando se programa en Rust. En versiones anteriores a 0.7.4 y 0.8.0, el resultado de la condici\u00f3n de carrera es que una o m\u00e1s tareas en la cola de trabajadores pueden ser saltadas dos veces en lugar de otras tareas que son olvidadas y nunca saltadas. Si las tareas est\u00e1n asignadas en la pila, esto puede causar una doble liberaci\u00f3n y una p\u00e9rdida de memoria. Si no es as\u00ed, esto todav\u00eda puede causar un error l\u00f3gico. Las cajas que usan \"Stealer::steal\", \"Stealer::steal_batch\", o \"Stealer::steal_batch_and_pop\" est\u00e1n afectadas por este problema. Esto ha sido corregido en crossbeam-deque versiones 0.8.1 y 0.7.4"
    }
  ],
  "id": "CVE-2021-32810",
  "lastModified": "2024-11-21T06:07:47.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-02T19:15:08.280",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.