Skip to content

spin-rs initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers

Moderate severity GitHub Reviewed Published Apr 3, 2023 to the GitHub Advisory Database • Updated Apr 3, 2023

Package

cargo spin (Rust)

Affected versions

>= 0.9.3, < 0.9.8

Patched versions

0.9.8

Description

Once::try_call_once is unsound if invoked more than once concurrently and any call fails to initialise successfully.

References

Published to the GitHub Advisory Database Apr 3, 2023
Reviewed Apr 3, 2023
Last updated Apr 3, 2023

Severity

Moderate

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-2qv5-7mw5-j3cg

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.