mirror of
https://github.com/rustsec/advisory-db.git
synced 2025-12-27 01:54:07 -05:00
598 B
598 B
[advisory]
id = "RUSTSEC-2020-0139"
package = "dces"
date = "2020-12-09"
url = "https://gitlab.redox-os.org/redox-os/dces-rust/-/issues/8"
categories = ["memory-corruption", "thread-safety"]
keywords = ["concurrency"]
aliases = ["CVE-2020-36459"]
cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
[versions]
patched = []
dces' World type can cause data races
The World type in dces is marked as Send without bounds on its
EntityStore and ComponentStore.
This allows non-thread safe EntityStore and ComponentStores to be sent
across threads and cause data races.