Описание
Data race in eventio
Input implements Send without requiring R: Send.
Affected versions of this crate allows users to send non-Send types to other threads, which can lead to undefined behavior such as data race and memory corruption.
The flaw was corrected in version 0.5.1 by adding R: Send bound to the Send impl of Input.
Пакеты
Наименование
eventio
rust
Затронутые версииВерсия исправления
< 0.5.1
0.5.1
Связанные уязвимости
CVSS3: 5.9
nvd
около 5 лет назад
An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur.