mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00

Files

Yechan Bae b724f12a5b Update CVE numbers (#777 )

* Update CVE numbers

* Fix RUSTSEC-2020-0093

* Add another alias for async-h1 crate

2021-02-25 20:00:25 -05:00

658 B

Raw Blame History

[advisory]
id = "RUSTSEC-2020-0108"
package = "eventio"
aliases = ["CVE-2020-36216"]
date = "2020-12-20"
url = "https://github.com/petabi/eventio/issues/33"
categories = ["memory-corruption", "thread-safety"]

[versions]
patched = [">= 0.5.1"]

Soundness issue: Input can be misused to create data race to an object

Input<R> implements Send without requiring R: Send.

Affected versions of this crate allows users to send non-Send types to other threads, which can lead to undefined behavior such as data race and memory corruption.

The flaw was corrected in version 0.5.1 by adding R: Send bound to the Send impl of Input<R>.

658 B Raw Blame History

Soundness issue: Input can be misused to create data race to an object

658 B

Raw Blame History