Home
MEDIUM: 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LDefault status
unaffected
0.5.12 (semver) before 0.5.15
affected
Default status
unaffected
Default status
unaffected
Default status
affected
Default status
affected
Default status
unaffected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
unaffected
Default status
unaffected
Default status
unaffected
Default status
affected
Default status
unaffected
Default status
unaffected
Default status
affected
Default status
affected
Default status
affected
Default status
unaffected
Default status
unaffected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
unaffected
Default status
affected
Default status
unaffected
Default status
unaffected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
unaffected
Description
In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
Problem types
Product status
0.5.12 (semver) before 0.5.15
Timeline
| 2025-04-10: | Reported to Red Hat. |
| 2025-04-10: | Made public. |
References
access.redhat.com/security/cve/CVE-2025-4574
bugzilla.redhat.com/show_bug.cgi?id=2358890 (RHBZ#2358890)
github.com/advisories/GHSA-pg9f-39pc-qf8g
github.com/crossbeam-rs/crossbeam/pull/1187