Описание
Out-of-bounds Write and Race Condition in metrics-util
In the affected versions of the crate, AtomicBucket unconditionally implements Send/Sync traits. Therefore, users can create a data race to the inner T: !Sync by using the AtomicBucket::data_with() API. Such data races can potentially cause memory corruption or other undefined behavior.
The flaw was fixed in commit 8e6daab by adding appropriate Send/Sync bounds to the Send/Sync impl of struct Block (which is a data type contained inside AtomicBucket).
Ссылки
Пакеты
Наименование
metrics-util
rust
Затронутые версииВерсия исправления
< 0.7.0
0.7.0
Связанные уязвимости
CVSS3: 8.1
nvd
около 4 лет назад
An issue was discovered in the metrics-util crate before 0.7.0 for Rust. There is a data race and memory corruption because AtomicBucket<T> unconditionally implements the Send and Sync traits.