CVE-2020-35904

Name of the Vulnerable Software and Affected Versions crossbeam-channel versions prior to 0.4.4

Description An issue was discovered in the crossbeam-channel crate for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are. The affected version of this crate's bounded channel incorrectly assumes that Vec::from iter has allocated capacity that same as the number of iterator elements. Vec::from iter does not actually guarantee that and may allocate extra memory. The destructor of the bounded channel reconstructs Vec from the raw pointer based on the incorrect assumptions described above. This is unsound and causing deallocation with the incorrect capacity when Vec::from iter has allocated different sizes with the number of iterator elements.

Recommendations To resolve the issue, upgrade to crossbeam-channel version 0.4.4. As a temporary workaround, consider avoiding the use of the bounded channel until a patch is applied. Restrict access to the bounded channel to minimize the risk of exploitation. Avoid using Vec::from iter in the affected bounded channel until the issue is resolved.