GHSA-w443-5h3j-jqcp: Duplicate Advisory: crossbeam-channel Vulnerable to Double Free on Drop

CVSS Score: 6.5 (CVSS 3.1)

Basic Information

CVE ID: -
EPSS Score: -
Published: 5/14/2025
Updated: 5/15/2025
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Package Name: crossbeam-channel
Ecosystem: rust
Vulnerable Versions: >= 0.5.11, < 0.5.15
First Patched Version: 0.5.15

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The analysis is based on the provided commit information from pull request #1187. The commit message explicitly details the race condition within `Channel::discard_all_messages` and how it leads to `Channel::drop` performing a double free. The patch modifies `Channel::discard_all_messages` to prevent this condition. Both functions are therefore critical to understanding and triggering the vulnerability. The `discard_all_messages` function is where the faulty logic resided, and `drop` is where the double free would manifest.

WAF Protection Rules

WAF Rule

### Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-p***-**p*-q***. This link is maintained to preserve external references.

### Original Description

In crossbeam-channel rust crate, the internal `Channel` type'
