You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
module: github.com/crossbeam-rs/crossbeam
package: crossbeam
description: |
crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell<{i,u}64>` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds.
cves:
- CVE-2022-23639
links:
pr: https://github.com/crossbeam-rs/crossbeam/pull/781
context:
- https://github.com/crossbeam-rs/crossbeam/releases/tag/crossbeam-utils-0.8.7
- https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered:
In CVE-2022-23639, the reference URL github.com/crossbeam-rs/crossbeam (and possibly others) refers to something in Go.
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: