N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-rwf4-gx62-rqfw

GHSA-rwf4-gx62-rqfw: `MsQueue` `push`/`pop` use the wrong orderings

Affected versions of this crate use orderings which are too weak to support this data structure. It is likely this has caused memory corruption in the wild: https://github.com/crossbeam-rs/crossbeam/issues/97#issuecomment-412785919.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-rwf4-gx62-rqfw

GHSA-rwf4-gx62-rqfw:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
crossbeam	rust	< 0.3.0	0.3.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from incorrect use of Relaxed memory ordering in atomic operations within the MS Queue implementation. The original implementation (as shown in linked PR #98) used Ordering::Relaxed for both the store in push() and load in pop(), which doesn't provide the necessary happens-before relationships between producers and consumers. The fix changed these to Release/Acquire orderings respectively. The functions are clearly identified in the crossbeam issue #97 comments and subsequent fix in PR #98, with specific references to push/pop operations in ms_queue.rs. Memory corruption reports in production (as noted in the advisory) confirm the real-world impact of these weak orderings.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-rwf4-gx62-rqfw: `MsQueue` `push`/`pop` use the wrong orderings

GHSA-rwf4-gx62-rqfw:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Basic Information

Basic Information

GHSA-rwf4-gx62-rqfw: `MsQueue` `push`/`pop` use the wrong orderings

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

N/A

N/A

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI