CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-23639

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell<{i,u}64>` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.3%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 6.8

References

Products affected by CVE-2022-23639

Crossbeam Project » Crossbeam » Version: N/A

cpe:2.3:a:crossbeam_project:crossbeam:-
Crossbeam Project » Crossbeam » Version: 0.1.0

cpe:2.3:a:crossbeam_project:crossbeam:0.1.0
Crossbeam Project » Crossbeam » Version: 0.2.0

cpe:2.3:a:crossbeam_project:crossbeam:0.2.0
Crossbeam Project » Crossbeam » Version: 0.3.0

cpe:2.3:a:crossbeam_project:crossbeam:0.3.0
Crossbeam Project » Crossbeam » Version: 0.4.0

cpe:2.3:a:crossbeam_project:crossbeam:0.4.0
Crossbeam Project » Crossbeam » Version: 0.4.1

cpe:2.3:a:crossbeam_project:crossbeam:0.4.1
Crossbeam Project » Crossbeam » Version: 0.4.3

cpe:2.3:a:crossbeam_project:crossbeam:0.4.3
Crossbeam Project » Crossbeam » Version: 0.4.4

cpe:2.3:a:crossbeam_project:crossbeam:0.4.4
Crossbeam Project » Crossbeam » Version: 0.5.0

cpe:2.3:a:crossbeam_project:crossbeam:0.5.0
Crossbeam Project » Crossbeam » Version: 0.6.0

cpe:2.3:a:crossbeam_project:crossbeam:0.6.0
Crossbeam Project » Crossbeam » Version: 0.7.0

cpe:2.3:a:crossbeam_project:crossbeam:0.7.0
Crossbeam Project » Crossbeam » Version: 0.7.1

cpe:2.3:a:crossbeam_project:crossbeam:0.7.1
Crossbeam Project » Crossbeam » Version: 0.7.2

cpe:2.3:a:crossbeam_project:crossbeam:0.7.2
Crossbeam Project » Crossbeam » Version: 0.7.3

cpe:2.3:a:crossbeam_project:crossbeam:0.7.3
Crossbeam Project » Crossbeam » Version: 0.7.4

cpe:2.3:a:crossbeam_project:crossbeam:0.7.4
Crossbeam Project » Crossbeam » Version: 0.8.0

cpe:2.3:a:crossbeam_project:crossbeam:0.8.0
Crossbeam Project » Crossbeam » Version: 0.8.1

cpe:2.3:a:crossbeam_project:crossbeam:0.8.1
Crossbeam Project » Crossbeam » Version: 0.8.3

cpe:2.3:a:crossbeam_project:crossbeam:0.8.3
Crossbeam Project » Crossbeam » Version: 0.8.4

cpe:2.3:a:crossbeam_project:crossbeam:0.8.4
Crossbeam Project » Crossbeam » Version: 0.8.5

cpe:2.3:a:crossbeam_project:crossbeam:0.8.5
Crossbeam Project » Crossbeam » Version: 0.8.6

cpe:2.3:a:crossbeam_project:crossbeam:0.8.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-23639

Products

Pricing

Contact Us