GHSA-3hj2-hh36-hv9v

Опубликовано: 25 авг. 2021

Источник: github

Github: Прошло ревью

CVSS3: 5.9

Описание

Data race in va-ts

In the affected versions of this crate, Demuxer unconditionally implemented Send with no trait bounds on T. This allows sending a non-Send type T across thread boundaries, which can cause undefined behavior like unlocking a mutex from a thread that didn't lock the mutex, or memory corruption from data race. The flaw was corrected in commit 0562cbf by adding a T: Send bound to the Send impl for Demuxer.

Ссылки

Пакеты

Наименование

va-ts

rust

Затронутые версииВерсия исправления

< 0.0.4

0.0.4

EPSS

Процентиль: 53%

0.00301

Низкий

5.9 Medium

CVSS3

CVE ID

CVE-2020-36220

Дефекты

CWE-662

CWE-667

CWE-787

Связанные уязвимости

CVE-2020-36220

CVSS3: 5.9

nvd

около 5 лет назад

An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer<T> omits a required T: Send bound, a data race and memory corruption can occur.

EPSS

Процентиль: 53%

0.00301

Низкий

5.9 Medium

CVSS3

CVE ID

CVE-2020-36220

Дефекты

CWE-662

CWE-667

CWE-787