{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-23T20:52:28.983","vulnerabilities":[{"cve":{"id":"CVE-2022-23639","sourceIdentifier":"security-advisories@github.com","published":"2022-02-15T19:15:08.340","lastModified":"2026-06-17T04:30:32.423","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell<{i,u}64>` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds."},{"lang":"es","value":"crossbeam-utils proporciona atómicos, primitivas de sincronización, hilos de alcance y otras utilidades para la programación concurrente en Rust. crossbeam-utils versiones anteriores a 0.8.7, asumía incorrectamente que la alineación de \"{i,u}64\" era siempre la misma que \"Atomic{I,U}64\". Sin embargo, la alineación de \"{i,u}64\" en un objetivo de 32 bits puede ser menor que \"Atomic{I,U}64\". Esto puede causar accesos a memoria no alineados y carreras de datos. Los crates que usan métodos \"fetch_*\" con \"AtomicCell({i,u}64)\" están afectados por este problema. Los objetivos de 32 bits sin \"Atomic{I,U}64\" y los objetivos de 64 bits no están afectados por este problema. Esto ha sido corregido en crossbeam-utils versión 0.8.7. Actualmente no se presentan medidas de mitigación conocidas"}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"crossbeam-rs","product":"crossbeam","versions":[{"version":"< 0.8.7","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-22T15:44:27.286533Z","id":"CVE-2022-23639","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-362"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:crossbeam_project:crossbeam:*:*:*:*:*:rust:*:*","versionEndExcluding":"0.8.7","matchCriteriaId":"7C3287EB-A254-4840-815A-A3669991664F"}]}]}],"references":[{"url":"https://github.com/crossbeam-rs/crossbeam/pull/781","source":"security-advisories@github.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/crossbeam-rs/crossbeam/releases/tag/crossbeam-utils-0.8.7","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/crossbeam-rs/crossbeam/pull/781","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/crossbeam-rs/crossbeam/releases/tag/crossbeam-utils-0.8.7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}