Maor Kleinberger

**Name of the Vulnerable Software and Affected Versions** crossbeam-deque versions prior to 0.7.4 and 0.8.0 **Description** The issue is caused by a race condition that can result in one or more tasks in the worker queue being popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal batch`, or `Stealer::steal batch and pop` are affected by this issue. **Recommendations** For crossbeam-deque versions prior to 0.7.4, update to version 0.7.4 or later. For crossbeam-deque versions prior to 0.8.0, update to version 0.8.1 or later. As a temporary workaround, consider restricting the use of `Stealer::steal`, `Stealer::steal batch`, and `Stealer::steal batch and pop` until a patch is available.