mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-01-21 02:51:04 +01:00
f494f83f8e
looks like RUSTSEC-2020-0036 might be a special case, someone got a cve for that the crate is unmaintained
21 lines
745 B
Markdown
21 lines
745 B
Markdown
```toml
|
|
[advisory]
|
|
id = "RUSTSEC-2020-0125"
|
|
package = "convec"
|
|
date = "2020-11-24"
|
|
url = "https://github.com/krl/convec/issues/2"
|
|
categories = ["memory-corruption", "thread-safety"]
|
|
aliases = ["CVE-2020-36445"]
|
|
|
|
[versions]
|
|
patched = []
|
|
```
|
|
|
|
# convec::ConVec<T> unconditionally implements Send/Sync
|
|
|
|
Affected versions of this crate unconditionally implement Send/Sync for `ConVec<T>`.
|
|
This allows users to insert `T` that is not Send or not Sync.
|
|
|
|
This allows users to create data races by using non-Send types like `Arc<Cell<_>>` or `Rc<_>` as `T` in `ConVec<T>`. It is also possible to create data races by using types like `Cell<_>` or `RefCell<_>` as `T` (types that are `Send` but not `Sync`).
|
|
Such data races can lead to memory corruption.
|