{"api_version":"1","generated_at":"2026-04-22T23:31:48+00:00","cve":"CVE-2021-32810","urls":{"html":"https://cve.report/CVE-2021-32810","api":"https://cve.report/api/cve/CVE-2021-32810.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-32810","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-32810"},"summary":{"title":"CVE-2021-32810","description":"crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2021-08-02 19:15:00","updated_at":"2023-11-07 03:35:00"},"problem_types":["CWE-362"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/","name":"FEDORA-2021-67d6c34e5b","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-weezl-0.1.5-3.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/","name":"FEDORA-2021-60f0e1bb35","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-tokei-12.0.4-7.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/","name":"FEDORA-2021-0f82e9d6d5","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-sd-0.7.6-4.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/","name":"FEDORA-2021-0f82e9d6d5","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-sd-0.7.6-4.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/","name":"FEDORA-2021-79ce3cb64a","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-gettext-sys-0.21.2-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/","name":"FEDORA-2021-537541ceae","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-heatseeker-1.7.1-6.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/","name":"FEDORA-2021-af2eb94426","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-diskonaut-0.11.0-5.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/","name":"FEDORA-2021-3cf88e44b4","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-git-version-0.3.4-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/","name":"FEDORA-2021-9dc0bd0072","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-jql-2.9.4-2.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/","name":"FEDORA-2021-32c9adf002","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-dua-cli-2.11.1-3.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/","name":"FEDORA-2021-67d6c34e5b","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-weezl-0.1.5-3.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/","name":"FEDORA-2021-a5161737c3","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-rav1e-0.4.1-4.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/","name":"FEDORA-2021-32c9adf002","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-dua-cli-2.11.1-3.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/","name":"FEDORA-2021-9dc0bd0072","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-jql-2.9.4-2.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/","name":"FEDORA-2021-e5ec6d55bf","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-askalono-cli-0.4.3-5.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/","name":"FEDORA-2021-e5ec6d55bf","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-askalono-cli-0.4.3-5.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/","name":"FEDORA-2021-e37a366b00","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: zola-0.12.2-6.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/","name":"FEDORA-2021-60f0e1bb35","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-tokei-12.0.4-7.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/","name":"FEDORA-2021-5e99655cca","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-skim-0.9.4-4.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/","name":"FEDORA-2021-2db6c84087","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-pulldown-cmark-0.8.0-4.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw","name":"https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw","refsource":"CONFIRM","tags":[],"title":"Data race in crossbeam-deque · Advisory · crossbeam-rs/crossbeam · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/","name":"FEDORA-2021-537541ceae","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-heatseeker-1.7.1-6.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/","name":"FEDORA-2021-3cf88e44b4","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-git-version-0.3.4-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/","name":"FEDORA-2021-79ce3cb64a","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-gettext-sys-0.21.2-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/","name":"FEDORA-2021-e37a366b00","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: zola-0.12.2-6.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/","name":"FEDORA-2021-2db6c84087","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-pulldown-cmark-0.8.0-4.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/","name":"FEDORA-2021-a5161737c3","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-rav1e-0.4.1-4.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/","name":"FEDORA-2021-af2eb94426","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-diskonaut-0.11.0-5.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/","name":"FEDORA-2021-5e99655cca","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: rust-skim-0.9.4-4.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-32810","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32810","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"32810","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"crossbeam_project","cpe5":"crossbeam","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"32810","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-32810","qid":"159412","title":"Oracle Enterprise Linux Security Update for firefox (ELSA-2021-3755)"},{"cve":"CVE-2021-32810","qid":"159428","title":"Oracle Enterprise Linux Security Update for firefox (ELSA-2021-3791)"},{"cve":"CVE-2021-32810","qid":"159429","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2021-3838)"},{"cve":"CVE-2021-32810","qid":"159430","title":"Oracle Enterprise Linux Security Update for thunderbird (ELSA-2021-3841)"},{"cve":"CVE-2021-32810","qid":"182439","title":"Debian Security Update for rust-crossbeam-deque (CVE-2021-32810)"},{"cve":"CVE-2021-32810","qid":"198534","title":"Ubuntu Security Notification for Firefox Vulnerabilities (USN-5107-1)"},{"cve":"CVE-2021-32810","qid":"198559","title":"Ubuntu Security Notification for Thunderbird Vulnerabilities (USN-5132-1)"},{"cve":"CVE-2021-32810","qid":"239664","title":"Red Hat Update for firefox (RHSA-2021:3757)"},{"cve":"CVE-2021-32810","qid":"239665","title":"Red Hat Update for firefox (RHSA-2021:3756)"},{"cve":"CVE-2021-32810","qid":"239666","title":"Red Hat Update for firefox (RHSA-2021:3755)"},{"cve":"CVE-2021-32810","qid":"239677","title":"Red Hat Update for firefox (RHSA-2021:3791)"},{"cve":"CVE-2021-32810","qid":"239682","title":"Red Hat Update for thunderbird (RHSA-2021:3841)"},{"cve":"CVE-2021-32810","qid":"239683","title":"Red Hat Update for thunderbird (RHSA-2021:3840)"},{"cve":"CVE-2021-32810","qid":"239684","title":"Red Hat Update for thunderbird (RHSA-2021:3839)"},{"cve":"CVE-2021-32810","qid":"239685","title":"Red Hat Update for thunderbird (RHSA-2021:3838)"},{"cve":"CVE-2021-32810","qid":"257116","title":"CentOS Security Update for firefox (CESA-2021:3791)"},{"cve":"CVE-2021-32810","qid":"257126","title":"CentOS Security Update for thunderbird (CESA-2021:3841)"},{"cve":"CVE-2021-32810","qid":"281774","title":"Fedora Security Update for rust (FEDORA-2021-a5161737c3)"},{"cve":"CVE-2021-32810","qid":"281800","title":"Fedora Security Update for rust (FEDORA-2021-3cf88e44b4)"},{"cve":"CVE-2021-32810","qid":"281801","title":"Fedora Security Update for zola (FEDORA-2021-e37a366b00)"},{"cve":"CVE-2021-32810","qid":"281802","title":"Fedora Security Update for rust (FEDORA-2021-67d6c34e5b)"},{"cve":"CVE-2021-32810","qid":"281803","title":"Fedora Security Update for rust (FEDORA-2021-60f0e1bb35)"},{"cve":"CVE-2021-32810","qid":"281804","title":"Fedora Security Update for rust (FEDORA-2021-5e99655cca)"},{"cve":"CVE-2021-32810","qid":"281805","title":"Fedora Security Update for rust (FEDORA-2021-0f82e9d6d5)"},{"cve":"CVE-2021-32810","qid":"281806","title":"Fedora Security Update for rust (FEDORA-2021-2db6c84087)"},{"cve":"CVE-2021-32810","qid":"281807","title":"Fedora Security Update for rust (FEDORA-2021-9dc0bd0072)"},{"cve":"CVE-2021-32810","qid":"281808","title":"Fedora Security Update for rust (FEDORA-2021-32c9adf002)"},{"cve":"CVE-2021-32810","qid":"281809","title":"Fedora Security Update for rust (FEDORA-2021-af2eb94426)"},{"cve":"CVE-2021-32810","qid":"281810","title":"Fedora Security Update for rust (FEDORA-2021-e5ec6d55bf)"},{"cve":"CVE-2021-32810","qid":"281811","title":"Fedora Security Update for rust (FEDORA-2021-537541ceae)"},{"cve":"CVE-2021-32810","qid":"281813","title":"Fedora Security Update for rust (FEDORA-2021-64e9e98eb4)"},{"cve":"CVE-2021-32810","qid":"281825","title":"Fedora Security Update for newsboat (FEDORA-2021-79ce3cb64a)"},{"cve":"CVE-2021-32810","qid":"296066","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 40.107.3 Missing (CPUOCT2021)"},{"cve":"CVE-2021-32810","qid":"353982","title":"Amazon Linux Security Advisory for thunderbird : ALAS2-2022-1818"},{"cve":"CVE-2021-32810","qid":"375943","title":"Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2021-45)"},{"cve":"CVE-2021-32810","qid":"375945","title":"Mozilla Firefox Multiple Vulnerabilities (MFSA2021-43)"},{"cve":"CVE-2021-32810","qid":"375959","title":"Mozilla Thunderbird Multiple Vulnerabilities (MFSA2021-47)"},{"cve":"CVE-2021-32810","qid":"502069","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2021-32810","qid":"502081","title":"Alpine Linux Security Update for firefox"},{"cve":"CVE-2021-32810","qid":"502381","title":"Alpine Linux Security Update for thunderbird"},{"cve":"CVE-2021-32810","qid":"503632","title":"Alpine Linux Security Update for thunderbird"},{"cve":"CVE-2021-32810","qid":"503634","title":"Alpine Linux Security Update for thunderbird"},{"cve":"CVE-2021-32810","qid":"503650","title":"Alpine Linux Security Update for thunderbird"},{"cve":"CVE-2021-32810","qid":"503669","title":"Alpine Linux Security Update for thunderbird"},{"cve":"CVE-2021-32810","qid":"503852","title":"Alpine Linux Security Update for firefox"},{"cve":"CVE-2021-32810","qid":"504812","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2021-32810","qid":"506260","title":"Alpine Linux Security Update for thunderbird"},{"cve":"CVE-2021-32810","qid":"751210","title":"SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:3331-1)"},{"cve":"CVE-2021-32810","qid":"751226","title":"OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2021:3331-1)"},{"cve":"CVE-2021-32810","qid":"751230","title":"SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2021:3446-1)"},{"cve":"CVE-2021-32810","qid":"751237","title":"OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2021:3451-1)"},{"cve":"CVE-2021-32810","qid":"751246","title":"OpenSUSE Security Update for MozillaFirefox (openSUSE-SU-2021:1367-1)"},{"cve":"CVE-2021-32810","qid":"751542","title":"OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2021:4150-1)"},{"cve":"CVE-2021-32810","qid":"751566","title":"OpenSUSE Security Update for MozillaThunderbird (openSUSE-SU-2021:1635-1)"},{"cve":"CVE-2021-32810","qid":"940182","title":"AlmaLinux Security Update for firefox (ALSA-2021:3755)"},{"cve":"CVE-2021-32810","qid":"940268","title":"AlmaLinux Security Update for thunderbird (ALSA-2021:3838)"},{"cve":"CVE-2021-32810","qid":"960080","title":"Rocky Linux Security Update for firefox (RLSA-2021:3755)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security-advisories@github.com","ID":"CVE-2021-32810","STATE":"PUBLIC","TITLE":"Data race in crossbeam-deque"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"crossbeam","version":{"version_data":[{"version_value":"< 0.7.4"},{"version_value":">= 0.8.0, < 0.8.1"}]}}]},"vendor_name":"crossbeam-rs"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}]},"references":{"reference_data":[{"name":"https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw","refsource":"CONFIRM","url":"https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-pqqp-xmhj-wgcw"},{"refsource":"FEDORA","name":"FEDORA-2021-a5161737c3","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EW5B2VTDVMJ6B3DA4VLMAMW2GGDCE2BK/"},{"refsource":"FEDORA","name":"FEDORA-2021-537541ceae","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCIBFGBSL3JSVJQTNEDEIMZGZF23N2KE/"},{"refsource":"FEDORA","name":"FEDORA-2021-5e99655cca","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VQZIEJQBV3S72BHD5GKJQF3NVYNRV5CF/"},{"refsource":"FEDORA","name":"FEDORA-2021-2db6c84087","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRPKBRXCRNGNMVFQPFD4LM3QKPEMBQQR/"},{"refsource":"FEDORA","name":"FEDORA-2021-60f0e1bb35","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EZILHZDRGDPOBQ4KTW3E5PPMKLHGH5N/"},{"refsource":"FEDORA","name":"FEDORA-2021-3cf88e44b4","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFBZWCLG7AGLJO4A7K5IMJVPLSWZ5TJP/"},{"refsource":"FEDORA","name":"FEDORA-2021-67d6c34e5b","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WGB2H35CTZDHOV3VLC5BM6VFGURLLVRP/"},{"refsource":"FEDORA","name":"FEDORA-2021-32c9adf002","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CY5T3FCE4MUYSPKEWICLVJBBODGJ6SZE/"},{"refsource":"FEDORA","name":"FEDORA-2021-e37a366b00","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWHNNBJCU4EHA2X5ZAMJMGLDUYS5FEPP/"},{"refsource":"FEDORA","name":"FEDORA-2021-af2eb94426","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3LSN3B43TJSFIOB3QLPBI3RCHRU5BLO/"},{"refsource":"FEDORA","name":"FEDORA-2021-9dc0bd0072","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQDIBB7VR3ER52FMSMNJPAWNDO5SITCE/"},{"refsource":"FEDORA","name":"FEDORA-2021-0f82e9d6d5","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCLMH7B7B2MF55ET4NQNPH7JWISFX4RT/"},{"refsource":"FEDORA","name":"FEDORA-2021-e5ec6d55bf","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYBSLIYFANZLCYWOGTIYZUM26TJRH7WU/"},{"refsource":"FEDORA","name":"FEDORA-2021-79ce3cb64a","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFUBWBYCPSSXTJGEAQ67CJUNQJBOCM26/"}]},"source":{"advisory":"GHSA-pqqp-xmhj-wgcw","discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2021-08-02 19:15:00","lastModifiedDate":"2023-11-07 03:35:00","problem_types":["CWE-362"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:crossbeam_project:crossbeam:*:*:*:*:*:*:*:*","versionEndExcluding":"0.7.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:crossbeam_project:crossbeam:*:*:*:*:*:*:*:*","versionStartIncluding":"0.8.0","versionEndExcluding":"0.8.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"32810","Ordinal":"208198","Title":"CVE-2021-32810","CVE":"CVE-2021-32810","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"32810","Ordinal":"1","NoteData":"crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"32810","Ordinal":"2","NoteData":"2021-08-02","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"32810","Ordinal":"3","NoteData":"2021-08-17","Type":"Other","Title":"Modified"}]}}}