crossbeam-channel

crates.io3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting crossbeam-channelpage 1 of 1

CVE-2020-15254HIGHCVSS 8.1EG 8.1✓ Fixed in 0.4.4
2020-10-16
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::fro…
CVE-2020-35904MEDIUMCVSS 5.5EG 5.5✓ Fixed in 0.4.4
2020-12-31
An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are.
CVE-2025-4574MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.5.15
2025-05-13
In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.

Check whether crossbeam-channel is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for crossbeam-channel CVEs against the assets you own.

Start Free Scan →