mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-02-15 22:04:38 +01:00
621 B
621 B
[advisory]
id = "RUSTSEC-2020-0139"
package = "dces"
date = "2020-12-09"
url = "https://gitlab.redox-os.org/redox-os/dces-rust/-/issues/8"
categories = ["memory-corruption", "thread-safety"]
keywords = ["concurrency"]
aliases = ["CVE-2020-36459", "GHSA-hxw9-jxqw-jc8j"]
cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
[versions]
patched = []
dces' World type can cause data races
The World type in dces is marked as Send without bounds on its
EntityStore and ComponentStore.
This allows non-thread safe EntityStore and ComponentStores to be sent
across threads and cause data races.