crossbeam-epoch is vulnerable to Invalid Pointer Dereference
15
Low Risk
The fmt::Pointer implementation (used by the {:p} formatter) for Atomic<T> and Shared<'_, T> dereferences the underlying raw pointer while formatting it. When the pointer is null (for example from Atomic::null or Shared::null) or otherwise invalid, formatting the value performs an invalid pointer dereference, which is undefined behavior and can crash the process. The 0.9.19 fix only guarded the plain null case and still dereferenced other invalid pointers. The fix stops dereferencing entirely and formats the raw address as a *const () value.
You are affected if you are using a version that falls within the vulnerable range and your application formats an Atomic or Shared value with its Pointer ({:p}) formatter.
crossbeam-epoch is vulnerable to Invalid Pointer Dereference in versions 0.9.0 - 0.9.19.
Upgrade the crossbeam-epoch library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

I consent to receiving marketing communications based on Aikido’s Privacy Policy.
SOC 2Compliant
ISO 27001Compliant