CVE-2025-4574

Sažetak

In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.

Reference

https://access.redhat.com/security/cve/CVE-2025-4574
https://bugzilla.redhat.com/show_bug.cgi?id=2358890
https://github.com/advisories/GHSA-pg9f-39pc-qf8g
https://github.com/crossbeam-rs/crossbeam/pull/1187

CVSS

Base:	6.5
Impact:	2.5
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	LOW	LOW

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Zadnje važnije ažuriranje

26-03-2026 - 23:16

Objavljeno

13-05-2025 - 22:15