CVE-2021-45710 — Vulnetix

CVE-2021-45710 PUBLISHED CVSS 5.099999904632568 MEDIUM

An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.

EPSS 0.18% · 39.4th percentile

Risk Scores

CVSS v2.0

5.099999904632568

EPSS Score

0.18%

39.4th percentile

Affected Products

Vendor	Product	Versions
tokio	tokio	1.9.0, 0.1.14
n/a	n/a	n/a
crates.io	tokio	0.1.14, 1.9.0

Timeline

Nov 16, 2021 CVE Published
Dec 27, 2021 EPSS Score
Feb 19, 2022 EPSS Score
Apr 14, 2022 EPSS Score
Jun 7, 2022 EPSS Score
Jul 31, 2022 EPSS Score
Sep 23, 2022 EPSS Score
Nov 16, 2022 EPSS Score
Jan 9, 2023 EPSS Score
Mar 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 27, 2023 EPSS Score

References

https://rustsec.org/advisories/RUSTSEC-2021-0124.html url
https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0124.md url
https://nvd.nist.gov/vuln/detail/CVE-2021-45710 advisory
https://github.com/tokio-rs/tokio/issues/4225 url
https://github.com/tokio-rs/tokio package

Open in Interactive Console →