OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
36df8a4efc6f2da4ccc7ced0d431136f473b2001
advisory-db/crates/cgc/RUSTSEC-2020-0148.md
Alexis Mousset 8c05fea5fa Add cvss information from nvd (#1085)
2021-10-19 16:14:35 -06:00

844 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2020-0148"
package = "cgc"
date = "2020-12-10"
url = "https://github.com/playXE/cgc/issues/5"
categories = ["memory-corruption"]
keywords = ["memory-safety", "aliasing", "concurrency"]
aliases = ["CVE-2020-36466", "CVE-2020-36467", "CVE-2020-36468"]
cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"

[versions]
patched = []

Multiple soundness issues in Ptr

Affected versions of this crate have the following issues:

  1. Ptr implements Send and Sync for all types, this can lead to data races by sending non-thread safe types across threads.

  2. Ptr::get violates mutable alias rules by returning multiple mutable references to the same object.

  3. Ptr::write uses non-atomic writes to the underlying pointer. This means that when used across threads it can lead to data races.