rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
8c05fea5fa6e1776c015b855eebaa344d00e28a7
advisory-db/crates/late-static/RUSTSEC-2020-0102.md
Alexis Mousset 8c05fea5fa Add cvss information from nvd (#1085)
2021-10-19 16:14:35 -06:00

747 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2020-0102"
package = "late-static"
aliases = ["CVE-2020-36209"]
cvss = "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
date = "2020-11-10"
url = "https://github.com/Richard-W/late-static/issues/1"
categories = ["memory-corruption", "thread-safety"]

[versions]
patched = [">= 0.4.0"]

LateStatic has incorrect Sync bound

Affected versions of this crate implemented Sync for LateStatic with T: Send, so that it is possible to create a data race to a type T: Send + !Sync (e.g. Cell<T>).

This can result in a memory corruption or other kinds of undefined behavior.

The flaw was corrected in commit 11f396c by replacing the T: Send bound to T: Sync bound in the Sync impl for LateStatic<T>.