CVE-2021-32810
Description
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using Stealer::steal, Stealer::steal_batch, or Stealer::steal_batch_and_pop are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.079
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities fixed in Mozilla Firefox ESR (91) (91.2.0) | Windows |
| Multiple vulnerabilities fixed in Mozilla Firefox (93.0) | Windows |
| Multiple vulnerabilities fixed in Mozilla Firefox (x64) (93.0) | Windows |
| Multiple vulnerabilities fixed in Mozilla Thunderbird (91) (x64) (91.2.0) | Windows |
| Multiple vulnerabilities fixed in Mozilla Thunderbird (91) (91.2.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 93 | Mac |
| Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac 91.2 | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 91.2 | Mac |
| (RHSA-2021:3755) firefox security update firefox-91.2.0-4.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:3755) firefox security update firefox-debugsource-91.2.0-4.el8_4.x86_64.rpm | Linux |
| (RHSA-2021:3791) firefox security update firefox-91.2.0-4.el7_9.i686.rpm | Linux |
| (RHSA-2021:3791) firefox security update firefox-91.2.0-4.el7_9.x86_64.rpm | Linux |
| (RHSA-2021:3841) thunderbird security update thunderbird-91.2.0-1.el7_9.x86_64.rpm | Linux |
| Firefox update (ELSA-2021-3755) firefox-91.2.0-4.0.1.el8_4.x86_64.rpm | Linux |
| Thunderbird update (ELSA-2021-3838) thunderbird-91.2.0-1.0.1.el8_4.x86_64.rpm | Linux |
| Firefox update (ELSA-2021-3791) firefox-91.2.0-4.0.1.el7_9.i686.rpm | Linux |
| Firefox update (ELSA-2021-3791) firefox-91.2.0-4.0.1.el7_9.x86_64.rpm | Linux |
| Thunderbird update (ELSA-2021-3841) thunderbird-91.2.0-1.0.1.el7_9.x86_64.rpm | Linux |
| Mozilla Open Source mail and newsgroup client (USN-5132-1) thunderbird_91.2.1+build1-0ubuntu0.21.10.1_amd64.deb | Linux |
| SUSE-SU-2021:3446-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-91.2.0-112.74.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3446-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-debuginfo-91.2.0-112.74.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3446-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-debugsource-91.2.0-112.74.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3446-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-devel-91.2.0-112.74.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3446-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-translations-common-91.2.0-112.74.1.x86_64.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-321748 | Mozilla Firefox (93.0) |
| PATCH-321749 | Mozilla Firefox (x64) (93.0) |
| PATCH-321786 | Mozilla Thunderbird (91) (x64) (91.2.0) |
| PATCH-321775 | Mozilla Thunderbird (91) (91.2.0) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611807 | Mozilla Thunderbird For Mac (142.0) |
| PATCH-612783 | Mozilla Firefox For Mac (145.0.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234