mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00

Files

Yechan Bae b724f12a5b Update CVE numbers (#777 )

* Update CVE numbers

* Fix RUSTSEC-2020-0093

* Add another alias for async-h1 crate

2021-02-25 20:00:25 -05:00

771 B

Raw Blame History

[advisory]
id = "RUSTSEC-2020-0098"
package = "rusb"
aliases = ["CVE-2020-36206"]
date = "2020-12-18"
url = "https://github.com/a1ien/rusb/issues/44"
categories = ["memory-corruption", "thread-safety"]
keywords = ["concurrency"]
informational = "unsound"

[versions]
patched = [">= 0.7.0"]
unaffected = []

UsbContext trait did not require implementers to be Send and Sync.

Affected versions of rusb did not require UsbContext to implement Send and Sync. However, through Device and DeviceHandle it is possible to use UsbContexts across threads.

This issue allows non-thread safe UsbContext types to be used concurrently leading to data races and memory corruption.

The issue was fixed by adding Send and Sync bounds to UsbContext.

771 B Raw Blame History

UsbContext trait did not require implementers to be Send and Sync.

771 B

Raw Blame History