CVE-2020-15254 log

Severity Critical
Remote Yes
Type Arbitrary code execution
An undefined behaviour leading to memory corruption issues has been found in the crossbeam rust crate <= 0.4.3. The "bounded" channel incorrectly assumes that "Vec::from_iter" has allocated enough capacity for the number of iterator elements. "Vec::from_iter" does not actually guarantee that and may allocate extra memory. The destructor of the "bounded" channel reconstructs "Vec" from the raw pointer based on the incorrect assumptions described above. This is unsound and causing deallocation with the incorrect capacity when the size allocated by "Vec::from_iter" differs from the number of iterator elements.
Group Package Affected Fixed Severity Status Ticket
AVG-1256 firefox 81.0.2-1 82.0-1 Critical Fixed
Date Advisory Group Package Severity Type
02 Nov 2020 ASA-202011-1 AVG-1256 firefox Critical multiple issues