OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2025-12-30 16:24:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

beef: beef::Cow lacks a Sync bound on its Send trait allowing for data races (#696)

Browse Source
This commit is contained in:
Youngsuk Kim
2021-01-26 20:21:19 -05:00
committed by GitHub
parent 049df72e54
commit 8f6dc8608a
1 changed files with 19 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
crates/beef/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,19 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "beef"
date = "2020-10-28"
url = "https://github.com/maciejhirsz/beef/issues/37"
categories = ["memory-corruption", "thread-safety"]
[versions]
patched = [">= 0.5.0"]
```
# beef::Cow lacks a Sync bound on its Send trait allowing for data races
Affected versions of this crate did not have a `T: Sync` bound in the `Send` impl for `Cow<'_, T, U>`. This allows users to create data races by making `Cow` contain types that are (Send && !Sync) like `Cell<_>` or `RefCell<_>`.
Such data races can lead to memory corruption.
The flaw was corrected in commit d1c7658 by adding trait bounds `T: Sync` and `T::Owned: Send` to the `Send` impl for `Cow<'_, T, U>`.