CVE-2026-46690

Published: Jun 12, 2026Modified: Jun 12, 2026

5.8

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

Exploitability: 1.0 / Impact: 4.7

Source: security-advisories@github.com (Secondary)

Description

unbounded_spsc is an "unbounded" extension of bounded_spsc_queue. In versions 0.2.0 and prior, sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race. At time of publication, there are no publicly available patches.

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://github.com/spearman/unbounded-spsc/security/advisories/GHSA-6m57-8r3p-pqx6

Source: security-advisories@github.com

https://github.com/spearman/unbounded-spsc/security/advisories/GHSA-6m57-8r3p-pqx6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.