mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-15 22:04:38 +01:00

Files

Yechan Bae b724f12a5b Update CVE numbers (#777 )

* Update CVE numbers

* Fix RUSTSEC-2020-0093

* Add another alias for async-h1 crate

2021-02-25 20:00:25 -05:00

693 B

Raw Blame History

[advisory]
id = "RUSTSEC-2020-0102"
package = "late-static"
aliases = ["CVE-2020-36209"]
date = "2020-11-10"
url = "https://github.com/Richard-W/late-static/issues/1"
categories = ["memory-corruption", "thread-safety"]

[versions]
patched = [">= 0.4.0"]

LateStatic has incorrect Sync bound

Affected versions of this crate implemented Sync for LateStatic with T: Send, so that it is possible to create a data race to a type T: Send + !Sync (e.g. Cell<T>).

This can result in a memory corruption or other kinds of undefined behavior.

The flaw was corrected in commit 11f396c by replacing the T: Send bound to T: Sync bound in the Sync impl for LateStatic<T>.

693 B Raw Blame History

LateStatic has incorrect Sync bound

693 B

Raw Blame History