mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00

Files

github-actions[bot] d5c7ae1c71 Assigned RUSTSEC-2021-0112 to tectonic_xdv, RUSTSEC-2021-0113 to metrics-util (#1050 )

Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>

2021-09-18 23:35:48 +02:00

773 B

Raw Blame History

[advisory]
id = "RUSTSEC-2021-0113"
package = "metrics-util"
date = "2021-04-07"
url = "https://github.com/metrics-rs/metrics/issues/190"
categories = ["memory-corruption", "thread-safety"]
[versions]
patched = [">= 0.7.0"]

AtomicBucket unconditionally implements Send/Sync

In the affected versions of the crate, AtomicBucket<T> unconditionally implements Send/Sync traits. Therefore, users can create a data race to the inner T: !Sync by using the AtomicBucket::data_with() API. Such data races can potentially cause memory corruption or other undefined behavior.

The flaw was fixed in commit 8e6daab by adding appropriate Send/Sync bounds to the Send/Sync impl of struct Block<T> (which is a data type contained inside AtomicBucket<T>).

773 B Raw Blame History

AtomicBucket unconditionally implements Send/Sync

773 B

Raw Blame History