Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2022-23639
Date: February 15, 2022
crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of "{i,u}64" was always the same as "Atomic{I,U}64". However, the alignment of "{i,u}64" on a 32-bit target can be smaller than "Atomic{I,U}64". This can cause unaligned memory accesses and data race. Crates using "fetch_*" methods with "AtomicCell<{i,u}64>" are affected by this issue. 32-bit targets without "Atomic{I,U}64" and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds.
Language: RUST
Severity Score
Related Resources (9)
Severity Score
Weakness Type (CWE)
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-119Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-362Insufficient Information
NVD-CWE-noinfoCVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |
CVSS v2
| Base Score: |
|
|---|---|
| Access Vector (AV): | NETWORK |
| Access Complexity (AC): | MEDIUM |
| Authentication (AU): | NONE |
| Confidentiality (C): | PARTIAL |
| Integrity (I): | PARTIAL |
| Availability (A): | PARTIAL |
| Additional information: |