Skip to content

Data races in reffers

Moderate severity GitHub Reviewed Published Aug 25, 2021 to the GitHub Advisory Database • Updated Jun 13, 2023

Package

cargo reffers (Rust)

Affected versions

< 0.6.1

Patched versions

0.6.1

Description

ARefss<'a, V> is a type that is assumed to contain objects that are Send + Sync.

In the affected versions of this crate, Send/Sync traits are unconditionally implemented for ARefss<'a, V>.

By using the ARefss::map() API, we can insert a !Send or !Sync object into ARefss<'a, V>. After that, it is possible to create a data race to the inner object of ARefss<'a, V>, which can lead to undefined behavior & memory corruption.

The flaw was corrected in commit 6dd7ca0 by adding trait bound V: Send + Sync to ARefss::map() API.

References

Reviewed Aug 19, 2021
Published to the GitHub Advisory Database Aug 25, 2021
Last updated Jun 13, 2023

Severity

Moderate
4.7
/ 10

CVSS base metrics

Attack vector
Local
Attack complexity
High
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Weaknesses

CVE ID

CVE-2020-36203

GHSA ID

GHSA-39xg-8p43-h76x

Source code

Checking history
See something to contribute? Suggest improvements for this vulnerability.