GHSA-8892-84wf-cg8f

Опубликовано: 25 авг. 2021

Источник: github

Github: Прошло ревью

CVSS3: 8.1

Описание

SyncChannel can move 'T: !Send' to other threads

Affected versions of this crate unconditionally implement Send/Sync for SyncChannel<T>. SyncChannel<T> doesn't provide access to &T but merely serves as a channel that consumes and returns owned T. Users can create UB in safe Rust by sending T: !Send to other threads with SyncChannel::send/recv APIs. Using T = Arc<Cell<_> allows to create data races (which can lead to memory corruption), and using T = MutexGuard<T> allows to unlock a mutex from a thread that didn't lock the mutex.

Ссылки

https://github.com/kitsuneninetails/signal-rust/issues/2
https://github.com/kitsuneninetails/signal-rust
https://rustsec.org/advisories/RUSTSEC-2020-0126.html

Пакеты

Наименование

signal-simple

rust

Затронутые версииВерсия исправления

<= 0.1.1

Отсутствует

8.1 High

CVSS3

Дефекты

CWE-362

8.1 High

CVSS3

Дефекты

CWE-362