{"containers": {"cna": {"affected": [{"product": "crossbeam", "vendor": "crossbeam-rs", "versions": [{"status": "affected", "version": "< 0.7.4"}, {"status": "affected", "version": ">= 0.8.0, < 0.8.1"}]}], "descriptions": [{"lang": "en", "value": "crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-18T02:06:24", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw"}, {"name": "FEDORA-2021-a5161737c3", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/"}, {"name": "FEDORA-2021-537541ceae", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/"}, {"name": "FEDORA-2021-5e99655cca", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/"}, {"name": "FEDORA-2021-2db6c84087", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/"}, {"name": "FEDORA-2021-60f0e1bb35", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/"}, {"name": "FEDORA-2021-3cf88e44b4", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/"}, {"name": "FEDORA-2021-67d6c34e5b", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/"}, {"name": "FEDORA-2021-32c9adf002", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/"}, {"name": "FEDORA-2021-e37a366b00", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/"}, {"name": "FEDORA-2021-af2eb94426", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/"}, {"name": "FEDORA-2021-9dc0bd0072", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/"}, {"name": "FEDORA-2021-0f82e9d6d5", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/"}, {"name": "FEDORA-2021-e5ec6d55bf", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/"}, {"name": "FEDORA-2021-79ce3cb64a", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/"}], "source": {"advisory": "GHSA-pqqp-xmhj-wgcw", "discovery": "UNKNOWN"}, "title": "Data race in crossbeam-deque", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32810", "STATE": "PUBLIC", "TITLE": "Data race in crossbeam-deque"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "crossbeam", "version": {"version_data": [{"version_value": "< 0.7.4"}, {"version_value": ">= 0.8.0, < 0.8.1"}]}}]}, "vendor_name": "crossbeam-rs"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw", "refsource": "CONFIRM", "url": "https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw"}, {"name": "FEDORA-2021-a5161737c3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/"}, {"name": "FEDORA-2021-537541ceae", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/"}, {"name": "FEDORA-2021-5e99655cca", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/"}, {"name": "FEDORA-2021-2db6c84087", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/"}, {"name": "FEDORA-2021-60f0e1bb35", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/"}, {"name": "FEDORA-2021-3cf88e44b4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/"}, {"name": "FEDORA-2021-67d6c34e5b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/"}, {"name": "FEDORA-2021-32c9adf002", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/"}, {"name": "FEDORA-2021-e37a366b00", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/"}, {"name": "FEDORA-2021-af2eb94426", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/"}, {"name": "FEDORA-2021-9dc0bd0072", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/"}, {"name": "FEDORA-2021-0f82e9d6d5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/"}, {"name": "FEDORA-2021-e5ec6d55bf", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/"}, {"name": "FEDORA-2021-79ce3cb64a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/"}]}, "source": {"advisory": "GHSA-pqqp-xmhj-wgcw", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:33:56.077Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw"}, {"name": "FEDORA-2021-a5161737c3", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/"}, {"name": "FEDORA-2021-537541ceae", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/"}, {"name": "FEDORA-2021-5e99655cca", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/"}, {"name": "FEDORA-2021-2db6c84087", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/"}, {"name": "FEDORA-2021-60f0e1bb35", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/"}, {"name": "FEDORA-2021-3cf88e44b4", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/"}, {"name": "FEDORA-2021-67d6c34e5b", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/"}, {"name": "FEDORA-2021-32c9adf002", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/"}, {"name": "FEDORA-2021-e37a366b00", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/"}, {"name": "FEDORA-2021-af2eb94426", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/"}, {"name": "FEDORA-2021-9dc0bd0072", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/"}, {"name": "FEDORA-2021-0f82e9d6d5", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/"}, {"name": "FEDORA-2021-e5ec6d55bf", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/"}, {"name": "FEDORA-2021-79ce3cb64a", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32810", "datePublished": "2021-08-02T18:35:12", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:33:56.077Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:crossbeam_project:crossbeam:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E58599A-A962-4F81-B286-05F7FBD752D0", "versionEndExcluding": "0.7.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:crossbeam_project:crossbeam:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF8EE28D-2936-4A23-A3FC-B264A9EBD47D", "versionEndExcluding": "0.8.1", "versionStartIncluding": "0.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4."}, {"lang": "es", "value": "crossbeam-deque es un paquete de deques work-stealing para construir programadores de tareas cuando se programa en Rust. En versiones anteriores a 0.7.4 y 0.8.0, el resultado de la condici\u00f3n de carrera es que una o m\u00e1s tareas en la cola de trabajadores pueden ser saltadas dos veces en lugar de otras tareas que son olvidadas y nunca saltadas. Si las tareas est\u00e1n asignadas en la pila, esto puede causar una doble liberaci\u00f3n y una p\u00e9rdida de memoria. Si no es as\u00ed, esto todav\u00eda puede causar un error l\u00f3gico. Las cajas que usan \"Stealer::steal\", \"Stealer::steal_batch\", o \"Stealer::steal_batch_and_pop\" est\u00e1n afectadas por este problema. Esto ha sido corregido en crossbeam-deque versiones 0.8.1 y 0.7.4"}], "id": "CVE-2021-32810", "lastModified": "2023-11-07T03:35:29.203", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-08-02T19:15:08.280", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2021:3791", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:91.2.0-4.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-10-12T00:00:00Z"}, {"advisory": "RHSA-2021:3841", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:91.2.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-10-13T00:00:00Z"}, {"advisory": "RHSA-2021:3755", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:91.2.0-4.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-10-11T00:00:00Z"}, {"advisory": "RHSA-2021:3838", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:91.2.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-10-13T00:00:00Z"}, {"advisory": "RHSA-2021:3757", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "firefox-0:91.2.0-4.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-10-11T00:00:00Z"}, {"advisory": "RHSA-2021:3840", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "thunderbird-0:91.2.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-10-13T00:00:00Z"}, {"advisory": "RHSA-2021:3756", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "firefox-0:91.2.0-4.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-10-11T00:00:00Z"}, {"advisory": "RHSA-2021:3839", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "thunderbird-0:91.2.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-10-13T00:00:00Z"}], "bugzilla": {"description": "rust-crossbeam-deque: race condition may lead to double free", "id": "1990342", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990342"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4."], "name": "CVE-2021-32810", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2021-08-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-32810\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-32810"], "threat_severity": "Moderate", "upstream_fix": "thunderbird 91.2, firefox 91.2, rust-crossbeam-deque 0.7.4, rust-crossbeam-deque 0.8.1"}