rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
advisory-db/crates/rusb/RUSTSEC-2020-0098.md
Alexis Mousset 84c633df9c Update aliases from GHSA OSV export (#1693)
2023-06-13 15:10:24 +02:00

848 B
Raw Permalink Blame History 

[advisory]
id = "RUSTSEC-2020-0098"
package = "rusb"
aliases = ["CVE-2020-36206", "GHSA-9mxw-4856-9cm5"]
cvss = "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
date = "2020-12-18"
url = "https://github.com/a1ien/rusb/issues/44"
categories = ["memory-corruption", "thread-safety"]
keywords = ["concurrency"]
informational = "unsound"

[versions]
patched = [">= 0.7.0"]
unaffected = []

UsbContext trait did not require implementers to be Send and Sync.

Affected versions of rusb did not require UsbContext to implement Send and Sync. However, through Device and DeviceHandle it is possible to use UsbContexts across threads.

This issue allows non-thread safe UsbContext types to be used concurrently leading to data races and memory corruption.

The issue was fixed by adding Send and Sync bounds to UsbContext.