advisory-db/crates/arr/RUSTSEC-2020-0034.md
2021-01-04 09:02:59 -08:00

[advisory]
id = "RUSTSEC-2020-0034"
package = "arr"
aliases = ["CVE-2020-35886", "CVE-2020-35887", "CVE-2020-35888"]
date = "2020-08-25"
url = "https://github.com/sjep/array/issues/1"

[versions]
patched = []

Multiple security issues including data race, buffer overflow, and uninitialized memory drop

The `arr` crate contains multiple security issues. Specifically:

  1. It incorrectly implements Sync/Send bounds, which allows non-Sync/Send types to be smuggled across the thread boundary.
  2. The Index and IndexMut implementations do not check the array bounds.
  3. Array::new_from_template() drops uninitialized memory.