mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-01-06 19:49:45 +01:00
f494f83f8e
looks like RUSTSEC-2020-0036 might be a special case, someone got a cve for that the crate is unmaintained
25 lines
794 B
Markdown
25 lines
794 B
Markdown
```toml
|
|
[advisory]
|
|
id = "RUSTSEC-2020-0149"
|
|
package = "appendix"
|
|
date = "2020-11-15"
|
|
url = "https://github.com/krl/appendix/issues/6"
|
|
categories = ["memory-corruption", "thread-safety"]
|
|
aliases = ["CVE-2020-36469"]
|
|
|
|
[versions]
|
|
patched = []
|
|
```
|
|
|
|
# Data race and memory safety issue in `Index`
|
|
|
|
The `appendix` crate implements a key-value mapping data structure called
|
|
`Index<K, V>` that is stored on disk. The crate allows for any type to inhabit
|
|
the generic `K` and `V` type parameters and implements Send and Sync for them
|
|
unconditionally.
|
|
|
|
Using a type that is not marked as `Send` or `Sync` with `Index` can allow it
|
|
to be used across multiple threads leading to data races. Additionally using
|
|
reference types for the keys or values will lead to the segmentation faults
|
|
in the crate's code.
|