GHSA-fg42-vwxx-xx5j
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fg42-vwxx-xx5j
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-fg42-vwxx-xx5j/GHSA-fg42-vwxx-xx5j.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fg42-vwxx-xx5j
- Aliases
-
- CVE-2020-36438
- GHSA-m296-j53x-xv95
- RUSTSEC-2020-0118
- Published
- 2021-08-25T20:58:53Z
- Modified
- 2023-11-08T04:03:44.842730Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Data race in tiny_future
- Details
-
tiny_future contains a light-weight implementation of Futures. The Future type it has lacked bound on its Send and Sync traits. This allows for a bug where non-thread safe types such as Cell can be used in Futures and cause data races in concurrent programs. The flaw was corrected in commit
c791919by adding trait bounds to Future's Send and Sync. - Database specific
{ "nvd_published_at": "2021-08-08T06:15:00Z", "cwe_ids": [ "CWE-119", "CWE-362" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-08-09T22:41:30Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-36438
- https://github.com/KizzyCode/tiny_future/issues/1
- https://github.com/KizzyCode/tiny_future-rust/commit/c7919199a0f6d1ce0e3c33499d1b37f862c990e4
- https://github.com/KizzyCode/tiny_future
- https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tiny_future/RUSTSEC-2020-0118.md
- https://rustsec.org/advisories/RUSTSEC-2020-0118.html
Affected packages
crates.io / tiny_future
Package
- Name
- tiny_future
- View open source insights on deps.dev
- Purl
- pkg:cargo/tiny_future