CVE-2022-23639

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-23639

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23639.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-23639

Aliases

Downstream

DEBIAN-CVE-2022-23639

UBUNTU-CVE-2022-23639

Published

2022-02-15T18:20:10Z

Modified

2025-10-22T18:27:27.387538Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Improper Restriction of Operations within the Bounds of a Memory Buffer and Race Condition in crossbeam-utils

Details

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of {i,u}64 was always the same as Atomic{I,U}64. However, the alignment of {i,u}64 on a 32-bit target can be smaller than Atomic{I,U}64. This can cause unaligned memory accesses and data race. Crates using fetch_* methods with AtomicCell<{i,u}64> are affected by this issue. 32-bit targets without Atomic{I,U}64 and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds.

Database specific

{
    "cwe_ids": [
        "CWE-362"
    ]
}

References

Affected packages

Git / github.com/crossbeam-rs/crossbeam

Affected ranges

Type: GIT
Repo: https://github.com/crossbeam-rs/crossbeam
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2988f873f87d2263a7fd2b9465fb9c28f43a6490

Affected versions

0.*

0.2.10

crossbeam-0.*

crossbeam-0.5.0

crossbeam-0.6.0

crossbeam-0.7.0

crossbeam-0.7.1

crossbeam-0.7.2

crossbeam-0.7.3

crossbeam-0.8.0

crossbeam-0.8.1

crossbeam-channel-0.*

crossbeam-channel-0.3.1

crossbeam-channel-0.3.2

crossbeam-channel-0.3.3

crossbeam-channel-0.3.4

crossbeam-channel-0.3.5

crossbeam-channel-0.3.6

crossbeam-channel-0.3.7

crossbeam-channel-0.3.8

crossbeam-channel-0.3.9

crossbeam-channel-0.4.0

crossbeam-channel-0.4.2

crossbeam-channel-0.4.3

crossbeam-channel-0.5.0

crossbeam-channel-0.5.1

crossbeam-channel-0.5.2

crossbeam-deque-0.*

crossbeam-deque-0.6.2

crossbeam-deque-0.6.3

crossbeam-deque-0.7.0

crossbeam-deque-0.7.1

crossbeam-deque-0.7.2

crossbeam-deque-0.8.0

crossbeam-deque-0.8.1

crossbeam-epoch-0.*

crossbeam-epoch-0.6.1

crossbeam-epoch-0.7.0

crossbeam-epoch-0.7.1

crossbeam-epoch-0.7.2

crossbeam-epoch-0.8.0

crossbeam-epoch-0.8.2

crossbeam-epoch-0.9.0

crossbeam-epoch-0.9.1

crossbeam-epoch-0.9.2

crossbeam-epoch-0.9.3

crossbeam-epoch-0.9.4

crossbeam-epoch-0.9.5

crossbeam-epoch-0.9.6

crossbeam-queue-0.*

crossbeam-queue-0.1.0

crossbeam-queue-0.1.1

crossbeam-queue-0.1.2

crossbeam-queue-0.2.0

crossbeam-queue-0.2.1

crossbeam-queue-0.3.0

crossbeam-queue-0.3.1

crossbeam-queue-0.3.2

crossbeam-queue-0.3.3

crossbeam-utils-0.*

crossbeam-utils-0.1.0

crossbeam-utils-0.6.0

crossbeam-utils-0.6.1

crossbeam-utils-0.6.2

crossbeam-utils-0.6.3

crossbeam-utils-0.6.4

crossbeam-utils-0.6.5

crossbeam-utils-0.6.6

crossbeam-utils-0.7.0

crossbeam-utils-0.7.2

crossbeam-utils-0.8.0

crossbeam-utils-0.8.1

crossbeam-utils-0.8.2

crossbeam-utils-0.8.3

crossbeam-utils-0.8.4

crossbeam-utils-0.8.5

crossbeam-utils-0.8.6

v0.*

v0.0.0

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.2.0

v0.2.1

v0.2.2

v0.2.3

v0.2.4

v0.2.5

v0.2.6

v0.3.0

v0.3.1

v0.3.2

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.5.0

v0.5.1

v0.5.2

v0.6.0

v0.6.1