CVE-2018-20996: Double free in crossbeam
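Even after an element had been popped from a queue, crossbeam would still run that element's destructor inside the epoch-based garbage collector. Because the caller that received the popped element also drops it, the destructor can run twice, which is a source of double frees.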
The flaw was corrected by wrapping elements inside queues in a ManuallyDrop.
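The following added example (not crossbeam's code) reproduces the ownership pattern described above and shows why ManuallyDrop removes the second destructor call. The node types, the Tracked payload and the function names are hypothetical, and an explicit drop of the node stands in for the collector's deferred reclamation.

```rust
use std::mem::ManuallyDrop;
use std::ptr;
use std::sync::atomic::{AtomicUsize, Ordering};

// Constructed payload: it counts destructor runs instead of freeing memory,
// so the double drop is observable without corrupting the heap.
struct Tracked<'a>(&'a AtomicUsize);

impl Drop for Tracked<'_> {
    fn drop(&mut self) {
        self.0.fetch_add(1, Ordering::SeqCst);
    }
}

// Hypothetical node shapes, not crossbeam's real types.
struct FlawedNode<T> { value: T }
struct FixedNode<T> { value: ManuallyDrop<T> }

// Flawed pattern: pop copies the element out, the node is reclaimed later.
fn drops_with_flawed_node() -> usize {
    let count = AtomicUsize::new(0);
    let node = Box::new(FlawedNode { value: Tracked(&count) });
    let popped = unsafe { ptr::read(&node.value) }; // caller now owns the element
    drop(popped); // first destructor run, by the caller
    drop(node);   // reclamation drops the node's copy: second destructor run
    count.load(Ordering::SeqCst)
}

// Fixed pattern: the node stores ManuallyDrop<T>, so reclaiming it frees
// the node's memory but never runs the element's destructor.
fn drops_with_fixed_node() -> usize {
    let count = AtomicUsize::new(0);
    let node = Box::new(FixedNode { value: ManuallyDrop::new(Tracked(&count)) });
    let popped = unsafe { ptr::read(&*node.value) };
    drop(popped); // the only destructor run
    drop(node);
    count.load(Ordering::SeqCst)
}

fn main() {
    println!("flawed node: {} destructor runs", drops_with_flawed_node());
    println!("fixed node:  {} destructor run", drops_with_fixed_node());
}
```

With a payload that owns heap memory, such as a Box or String, the second destructor run in the flawed pattern is the double free.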