OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-07 12:11:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
22b59ea8a3d2f1bef099f0904eaae3c96e4773b0
advisory-db/crates/conquer-once/RUSTSEC-2020-0101.md
Yechan Bae b724f12a5b Update CVE numbers (#777) 
* Update CVE numbers

* Fix RUSTSEC-2020-0093

* Add another alias for async-h1 crate
2021-02-25 20:00:25 -05:00

733 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2020-0101"
package = "conquer-once"
aliases = ["CVE-2020-36208"]
date = "2020-12-22"
url = "https://github.com/oliver-giersch/conquer-once/issues/3"
categories = ["memory-corruption", "thread-safety"]
keywords = ["concurrency"]

[versions]
patched = [">= 0.3.2"]
unaffected = []

conquer-once's OnceCell lacks Send bound for its Sync trait.

Affected versions of conquer-once implements Sync for its OnceCell type without restricting it to Sendable types.

This allows non-Send but Sync types such as MutexGuard to be sent across threads leading to undefined behavior and memory corruption in concurrent programs.

The issue was fixed by adding a Send constraint to OnceCell.