In crossbeam-channel rust crate, the internal Channel types Drop method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.