Description
Data races in generator
The Generator type is an iterable which uses a generator function that yields
values. In affected versions of the crate, the provided function yielding values
had no Send bounds despite the Generator itself implementing Send.
The generator function lacking a Send bound means that types that are
dangerous to send across threads such as Rc could be sent as part of a
generator, potentially leading to data races.
This flaw was fixed in commit f7d120a3b
by enforcing that the generator function be bound by Send.
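The missing bound and its fix, as an added example that is not the crate's own code: `UnsoundGen`, `SoundGen` and both helper functions are hypothetical stand-ins that reproduce only the shape of the flaw. The unsound generator is type-checked as Send but never moved to another thread, so the example itself contains no data race.

```rust
use std::cell::Cell;
use std::rc::Rc;
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;
use std::thread;

// Hypothetical stand-ins for the crate's Generator; not the crate's own code.
// Flawed shape: the wrapper asserts Send, the closure it owns is unconstrained.
pub struct UnsoundGen(Box<dyn FnMut() -> Option<u64>>);
unsafe impl Send for UnsoundGen {}
// Fixed shape: the closure must be Send, so the wrapper's Send is derived.
pub struct SoundGen(Box<dyn FnMut() -> Option<u64> + Send>);
impl UnsoundGen {
    pub fn new<F: FnMut() -> Option<u64> + 'static>(f: F) -> Self { UnsoundGen(Box::new(f)) }
}
impl SoundGen {
    pub fn new<F: FnMut() -> Option<u64> + Send + 'static>(f: F) -> Self { SoundGen(Box::new(f)) }
}
impl Iterator for UnsoundGen {
    type Item = u64;
    fn next(&mut self) -> Option<u64> { (self.0)() }
}
impl Iterator for SoundGen {
    type Item = u64;
    fn next(&mut self) -> Option<u64> { (self.0)() }
}
fn is_send<S: Send>(_: &S) -> bool { true }
// The flaw: an Rc-capturing generator passes the Send check. It is drained on this thread only.
pub fn unsound_accepts_rc() -> (bool, u64) {
    let s = Rc::new(Cell::new(0u64));
    // SoundGen::new(move || Some(s.get())); // rejected: Rc<Cell<u64>> is not Send
    let g = UnsoundGen::new(move || {
        let n = s.get();
        if n < 3 { s.set(n + 1); Some(n + 1) } else { None }
    });
    (is_send(&g), g.sum())
}
// With the bound in place only Send state (Arc, atomics) can cross threads.
pub fn sound_on_worker() -> (u64, usize) {
    let yielded = Arc::new(AtomicUsize::new(0));
    let y = Arc::clone(&yielded);
    let mut n = 0u64;
    let g = SoundGen::new(move || {
        if n < 4 { n += 1; y.fetch_add(1, Ordering::SeqCst); Some(n) } else { None }
    });
    let sum = thread::spawn(move || g.sum::<u64>()).join().unwrap();
    (sum, yielded.load(Ordering::SeqCst))
}
fn main() { println!("{:?} {:?}", unsound_accepts_rc(), sound_on_worker()); }
```

Uncommenting the `SoundGen::new` line inside `unsound_accepts_rc` makes compilation fail, which is the rejection the added bound provides.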
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-36471
- https://github.com/Xudong-Huang/generator-rs/issues/27
- https://github.com/Xudong-Huang/generator-rs/commit/f7d120a3b724d06a7b623d0a4306acf8f78cb4f0
- https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/generator/RUSTSEC-2020-0151.md
- https://rustsec.org/advisories/RUSTSEC-2020-0151.html
Packages
- generator: affected versions < 0.7.0, fixed in 0.7.0
Related vulnerabilities
An issue was discovered in the generator crate before 0.7.0 for Rust. It does not ensure that a function (for yielding values) has Send bounds.
An issue was discovered in the generator crate before 0.7.0 for Rust. ...
A vulnerability in the Rust stackful generator library generator-rs, related to incorrect data type conversion, that allows an attacker to cause a denial of service