cvedb.io
CVE-2021-32810
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2021-08-02T19:15:08.280 · Last modified 2026-06-17T03:53:40.593

Summary

crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4.

Affected products

crossbeam_project — crossbeam

Does this affect you?

Add your gear to cvedb and we'll alert you only when crossbeam_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.