Intel

AIKIDO-2026-742617

crossbeam-epoch is vulnerable to Null Pointer Dereference

Null Pointer Dereference Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published 2 days ago

15

Low Risk

This Affects:

RUSTcrossbeam-epoch
0.9.0 - 0.9.18
Fixed in 0.9.19
Are you affected? Scan for Free

TL;DR

Affected versions of crossbeam-epoch are vulnerable to a null pointer dereference in the fmt::Pointer implementation for Atomic and Shared. These types can be constructed with a null pointer, but when formatted via Display or related formatting traits, the implementation calls as_ptr, which requires a valid pointer. Formatting a null Atomic or Shared value can trigger undefined behavior or crash the application.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and your application formats Atomic or Shared values that may hold a null pointer (for example via Display or debug logging).

Background info

crossbeam-epoch is vulnerable to Null Pointer Dereference in versions 0.9.0 - 0.9.18.

How to fix this

Upgrade the crossbeam-epoch library to the patch version.