mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-13 21:18:11 +01:00

Files

github-actions[bot] 39a88f9c63 Assigned RUSTSEC-2020-0122 to beef (#697 )

Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>

2021-01-26 20:24:29 -05:00

714 B

Raw Blame History

[advisory]
id = "RUSTSEC-2020-0122"
package = "beef"
date = "2020-10-28"
url = "https://github.com/maciejhirsz/beef/issues/37"
categories = ["memory-corruption", "thread-safety"]

[versions]
patched = [">= 0.5.0"]

beef::Cow lacks a Sync bound on its Send trait allowing for data races

Affected versions of this crate did not have a T: Sync bound in the Send impl for Cow<'_, T, U>. This allows users to create data races by making Cow contain types that are (Send && !Sync) like Cell<_> or RefCell<_>.

Such data races can lead to memory corruption.

The flaw was corrected in commit d1c7658 by adding trait bounds T: Sync and T::Owned: Send to the Send impl for Cow<'_, T, U>.

714 B Raw Blame History

beef::Cow lacks a Sync bound on its Send trait allowing for data races

714 B

Raw Blame History