mirror of
https://github.com/OMGeeky/advisory-db.git
synced 2026-01-05 11:10:38 +01:00
f494f83f8e
looks like RUSTSEC-2020-0036 might be a special case, someone got a cve for that the crate is unmaintained
25 lines
712 B
Markdown
25 lines
712 B
Markdown
```toml
|
|
[advisory]
|
|
id = "RUSTSEC-2020-0118"
|
|
package = "tiny_future"
|
|
date = "2020-12-08"
|
|
url = "https://github.com/KizzyCode/tiny_future/issues/1"
|
|
categories = ["memory-corruption", "thread-safety"]
|
|
keywords = ["concurrency"]
|
|
aliases = ["CVE-2020-36438"]
|
|
|
|
[versions]
|
|
patched = [">= 0.4.0"]
|
|
```
|
|
|
|
# Future<T> lacks bounds on Send and Sync.
|
|
|
|
`tiny_future` contains a light-weight implementation of `Future`s. The `Future`
|
|
type it has lacked bound on its `Send` and `Sync` traits.
|
|
|
|
This allows for a bug where non-thread safe types such as `Cell` can be used in
|
|
`Future`s and cause data races in concurrent programs.
|
|
|
|
The flaw was corrected in commit `c791919` by adding trait bounds to `Future`'s
|
|
`Send` and `Sync`.
|