advisory-db/crates/tokio/RUSTSEC-2021-0072.md
Alexander Kjäll f4a8973706 add cve info to advisories (#1099)
* add cve info to advisories

* Put `aliases` field in the proper place

It should not be under `[versions]`

* move `aliases` to the proper place

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2021-11-06 21:37:35 +01:00


[advisory]
id = "RUSTSEC-2021-0072"
package = "tokio"
date = "2021-07-07"
url = "https://github.com/tokio-rs/tokio/issues/3929"
categories = ["memory-corruption"]
keywords = ["race condition", "send"]
aliases = ["CVE-2021-38191"]

[affected]
functions = { "tokio::task::JoinHandle::abort" = ["<= 1.8.0, >= 0.3.0"] }

[versions]
patched = [">= 1.5.1, < 1.6.0", ">= 1.6.3, < 1.7.0", ">= 1.7.2, < 1.8.0", ">= 1.8.1"]
unaffected = ["< 0.3.0"]

Task dropped in wrong thread when aborting LocalSet task

When aborting a task with JoinHandle::abort, the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a LocalSet.

This can easily result in race conditions as many projects use Rc or RefCell in their Tokio tasks for better performance.

See tokio#3929 for more details.
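
The `patched` ranges above are backports, so a higher version number is not necessarily fixed: 1.5.1 is patched while 1.6.0 is not. The following std-only Rust program is an added example, not part of the advisory or of RustSec tooling; it checks a tokio version against the `patched` and `unaffected` ranges copied from this advisory. The function names are hypothetical, and it assumes plain `major.minor.patch` versions without pre-release or build tags.

```rust
// Added example: evaluates RUSTSEC-2021-0072's version ranges with std only.
// Assumption: versions are plain "major.minor.patch" (no pre-release/build tags).
type Version = (u64, u64, u64);

// Ranges copied from the advisory's [versions] table.
const PATCHED: [&str; 4] =
    [">= 1.5.1, < 1.6.0", ">= 1.6.3, < 1.7.0", ">= 1.7.2, < 1.8.0", ">= 1.8.1"];
const UNAFFECTED: [&str; 1] = ["< 0.3.0"];

fn parse_version(s: &str) -> Option<Version> {
    let mut parts = s.trim().split('.').map(|p| p.parse::<u64>().ok());
    let v = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() { None } else { Some(v) }
}

// Evaluates one comparator such as ">= 1.5.1"; None if it cannot be parsed.
fn comparator_matches(cmp: &str, v: Version) -> Option<bool> {
    let cmp = cmp.trim();
    // Two-character operators are tried before their one-character prefixes.
    for op in [">=", "<=", ">", "<", "="] {
        if let Some(rest) = cmp.strip_prefix(op) {
            let bound = parse_version(rest)?;
            return Some(match op {
                ">=" => v >= bound,
                "<=" => v <= bound,
                ">" => v > bound,
                "<" => v < bound,
                _ => v == bound,
            });
        }
    }
    None
}

// A range matches only if every comma-separated comparator matches.
fn range_matches(range: &str, v: Version) -> bool {
    range.split(',').all(|c| comparator_matches(c, v) == Some(true))
}

// Some(true) if the version is neither patched nor unaffected; None if unparsable.
fn is_vulnerable(version: &str) -> Option<bool> {
    let v = parse_version(version)?;
    Some(!PATCHED.iter().chain(UNAFFECTED.iter()).any(|r| range_matches(r, v)))
}

fn main() {
    for v in ["0.2.25", "1.5.0", "1.5.1", "1.6.0", "1.6.3", "1.7.1", "1.8.0", "1.8.1"] {
        println!("tokio {}: vulnerable = {:?}", v, is_vulnerable(v));
    }
}
```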