OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
f2f59e4ec9d8131cd33fdd2167221ead09f4f9db
advisory-db/crates/atomic-option/RUSTSEC-2020-0113.md
Yechan Bae b724f12a5b Update CVE numbers (#777) 
* Update CVE numbers

* Fix RUSTSEC-2020-0093

* Add another alias for async-h1 crate
2021-02-25 20:00:25 -05:00

709 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2020-0113"
package = "atomic-option"
aliases = ["CVE-2020-36219"]
date = "2020-10-31"
url = "https://github.com/reem/rust-atomic-option/issues/4"
categories = ["memory-corruption", "thread-safety"]

[versions]
patched = []

AtomicOption should have Send + Sync bound on its type argument.

In the affected versions of this crate, AtomicOption<T> unconditionally implements Sync.

This allows programmers to move non-Sync types across thread boundaries (e.g. Rc<T>, Arc<Cell<T>>), which can lead to data races and undefined behavior. It is also possible to send non-Send types like std::sync::MutexGuard to other threads, which can lead to undefined behavior.