CVE-2022-23639
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-23639
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23639.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-23639
- Aliases
- Downstream
- Published
- 2022-02-15T18:20:10Z
- Modified
- 2025-12-04T10:16:26.659745Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Improper Restriction of Operations within the Bounds of a Memory Buffer and Race Condition in crossbeam-utils
- Details
-
crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of
{i,u}64was always the same asAtomic{I,U}64. However, the alignment of{i,u}64on a 32-bit target can be smaller thanAtomic{I,U}64. This can cause unaligned memory accesses and data race. Crates usingfetch_*methods withAtomicCell<{i,u}64>are affected by this issue. 32-bit targets withoutAtomic{I,U}64and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds. - Database specific
{ "cwe_ids": [ "CWE-362" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23639.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23639.json
- https://github.com/crossbeam-rs/crossbeam/pull/781
- https://github.com/crossbeam-rs/crossbeam/releases/tag/crossbeam-utils-0.8.7
- https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926
- https://nvd.nist.gov/vuln/detail/CVE-2022-23639
Affected packages
Git / github.com/crossbeam-rs/crossbeam
Affected ranges
- Type
- GIT
- Repo
- https://github.com/crossbeam-rs/crossbeam
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.2.10
crossbeam-0.*
crossbeam-0.5.0
crossbeam-0.6.0
crossbeam-0.7.0
crossbeam-0.7.1
crossbeam-0.7.2
crossbeam-0.7.3
crossbeam-0.8.0
crossbeam-0.8.1
crossbeam-channel-0.*
crossbeam-channel-0.3.1
crossbeam-channel-0.3.2
crossbeam-channel-0.3.3
crossbeam-channel-0.3.4
crossbeam-channel-0.3.5
crossbeam-channel-0.3.6
crossbeam-channel-0.3.7
crossbeam-channel-0.3.8
crossbeam-channel-0.3.9
crossbeam-channel-0.4.0
crossbeam-channel-0.4.2
crossbeam-channel-0.4.3
crossbeam-channel-0.5.0
crossbeam-channel-0.5.1
crossbeam-channel-0.5.2
crossbeam-deque-0.*
crossbeam-deque-0.6.2
crossbeam-deque-0.6.3
crossbeam-deque-0.7.0
crossbeam-deque-0.7.1
crossbeam-deque-0.7.2
crossbeam-deque-0.8.0
crossbeam-deque-0.8.1
crossbeam-epoch-0.*
crossbeam-epoch-0.6.1
crossbeam-epoch-0.7.0
crossbeam-epoch-0.7.1
crossbeam-epoch-0.7.2
crossbeam-epoch-0.8.0
crossbeam-epoch-0.8.2
crossbeam-epoch-0.9.0
crossbeam-epoch-0.9.1
crossbeam-epoch-0.9.2
crossbeam-epoch-0.9.3
crossbeam-epoch-0.9.4
crossbeam-epoch-0.9.5
crossbeam-epoch-0.9.6
crossbeam-queue-0.*
crossbeam-queue-0.1.0
crossbeam-queue-0.1.1
crossbeam-queue-0.1.2
crossbeam-queue-0.2.0
crossbeam-queue-0.2.1
crossbeam-queue-0.3.0
crossbeam-queue-0.3.1
crossbeam-queue-0.3.2
crossbeam-queue-0.3.3
crossbeam-utils-0.*
crossbeam-utils-0.1.0
crossbeam-utils-0.6.0
crossbeam-utils-0.6.1
crossbeam-utils-0.6.2
crossbeam-utils-0.6.3
crossbeam-utils-0.6.4
crossbeam-utils-0.6.5
crossbeam-utils-0.6.6
crossbeam-utils-0.7.0
crossbeam-utils-0.7.2
crossbeam-utils-0.8.0
crossbeam-utils-0.8.1
crossbeam-utils-0.8.2
crossbeam-utils-0.8.3
crossbeam-utils-0.8.4
crossbeam-utils-0.8.5
crossbeam-utils-0.8.6
v0.*
v0.0.0
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.3.0
v0.3.1
v0.3.2
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.5.0
v0.5.1
v0.5.2
v0.6.0
v0.6.1