OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
db3a09a691b8144fb2e0becfbc5ca34aebce7d0c
advisory-db/crates/disrustor/RUSTSEC-2020-0150.md
Sebastian Klose 0ff38eb722 Update RUSTSEC-2020-0150.md (#1199) 
This CVE has been fixed in version 0.3. Please see https://github.com/sklose/disrustor/issues/1 for details.
2022-02-21 16:23:42 -05:00

719 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2020-0150"
package = "disrustor"
date = "2020-12-17"
url = "https://github.com/sklose/disrustor/issues/1"
categories = ["memory-corruption", "thread-safety"]
aliases = ["CVE-2020-36470"]
cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"

[versions]
patched = [">= 0.3"]

RingBuffer can create multiple mutable references and cause data races

The RingBuffer type retrieves mutable references from the DataProvider in a non-atomic manner, potentially allowing the creation of multiple mutable references. RingBuffer also implements the Send and Sync traits for all types T.

This allows undefined behavior from the aliased mutable references as well as data races.