Описание
Data races in conquer-once
Affected versions of conquer-once implements Sync for its OnceCell type without restricting it to Sendable types.
This allows non-Send but Sync types such as MutexGuard to be sent across threads leading to undefined behavior and memory corruption in concurrent programs.
The issue was fixed by adding a Send constraint to OnceCell.
Пакеты
Наименование
conquer-once
rust
Затронутые версииВерсия исправления
< 0.3.2
0.3.2
Связанные уязвимости
CVSS3: 7.8
nvd
около 5 лет назад
An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption.