CGA-xmrp-787g-rp2r

Published

Last updated

https://images.chainguard.dev/security/CGA-xmrp-787g-rp2r

Package

wadm

RepositoryWolfi

Latest Update

Fixed

Fixed Version

0.21.0-r2

Aliases

GHSA-pg9f-39pc-qf8g

Severity

Unknown

Summary

crossbeam-channel Vulnerable to Double Free on Drop

Description

The internal Channel type's Drop method has a race which could, in some circumstances, lead to a double-free. This could result in memory corruption.

Quoting from the upstream description in merge request #1187:

The problem lies in the fact that dicard_all_messages contained two paths that could lead to head.block being read but only one of them would swap the value. This meant that dicard_all_messages could end up observing a non-null block pointer (and therefore attempting to free it) without setting head.block to null. This would then lead to Channel::drop making a second attempt at dropping the same pointer.

The bug was introduced while fixing a memory leak, in upstream MR #1084, first published in 0.5.12.

The fix is in upstream MR #1187 and has been published in 0.5.15

References

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-xmrp-787g-rp2r

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources