Add advisory for data race in conquer-once

2025-12-30 00:03:57 +01:00 · 2021-01-18 15:44:41 -08:00
parent a06ba1740f
commit 6fb69056e2
1 changed files with 24 additions and 0 deletions
--- a/crates/conquer-once/RUSTSEC-0000-0000.md
+++ b/crates/conquer-once/RUSTSEC-0000-0000.md
@@ -0,0 +1,24 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "conquer-once"
+date = "2020-12-22"
+url = "https://github.com/oliver-giersch/conquer-once/issues/3"
+categories = ["memory-corruption"]
+keywords = ["concurrency"]
+
+[versions]
+patched = [">= 0.3.2"]
+unaffected = []
+```
+
+# conquer-once's OnceCell lacks Send bound for its Sync trait.
+
+Affected versions of `conquer-once` implements `Sync` for its `OnceCell` type
+without restricting it to `Send`able types.
+
+This allows non-`Send` but `Sync` types such as `MutexGuard` to be sent across
+threads leading to undefined behavior and memory corruption in concurrent
+programs.
+
+The issue was fixed by adding a `Send` constraint to `OnceCell`.