Описание
Data races in beef
An issue was discovered in the beef crate before 0.5.0 for Rust.
Affected versions of this crate did not have a T: Sync bound in the Send impl for Cow<'_, T, U>. This allows users to create data races by making Cow contain types that are (Send && !Sync) like Cell<_> or RefCell<_>.
Such data races can lead to memory corruption.
The flaw was corrected in commit d1c7658 by adding trait bounds T: Sync and T::Owned: Send to the Send impl for Cow<'_, T, U>.
Пакеты
Наименование
beef
rust
Затронутые версииВерсия исправления
< 0.5.0
0.5.0
Связанные уязвимости
CVSS3: 8.1
nvd
больше 4 лет назад
An issue was discovered in the beef crate before 0.5.0 for Rust. beef::Cow has no Sync bound on its Send trait.