GHSA-q2gj-9r85-p832

Source
https://github.com/advisories/GHSA-q2gj-9r85-p832
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-q2gj-9r85-p832/GHSA-q2gj-9r85-p832.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-q2gj-9r85-p832
Aliases
Published
2021-08-25T20:48:09Z
Modified
2023-11-08T04:03:37.134824Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Data races in rulinalg
Details

The affected versions of rulinalg have incorrect lifetime bounds on RowMut::raw_slice and RowMut::raw_slice_mut. The bounds do not conform to Rust's borrowing rules and allow the user to create multiple mutable references to the same location. This may produce unexpected calculation results and a data race if both references are used at the same time.
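The class of lifetime error described above, as an added example that is not taken from rulinalg or from this advisory: the `RowMut` type, its fields and the method name `raw_slice_mut_unbounded` are hypothetical stand-ins, and the flawed signature is an assumed illustration of an unbounded return lifetime next to the corrected form.

```rust
use std::marker::PhantomData;

// Hypothetical stand-in for a mutable row view; not rulinalg's actual definition.
pub struct RowMut<'a, T> {
    ptr: *mut T,
    len: usize,
    _marker: PhantomData<&'a mut T>,
}

impl<'a, T> RowMut<'a, T> {
    pub fn new(data: &'a mut [T]) -> Self {
        RowMut { ptr: data.as_mut_ptr(), len: data.len(), _marker: PhantomData }
    }

    // Flawed bound (the "before"): the result carries the view's lifetime 'a and
    // is not tied to the borrow of `self`, so every call yields a fresh `&'a mut`.
    #[allow(dead_code)]
    pub fn raw_slice_mut_unbounded(&mut self) -> &'a mut [T] {
        unsafe { std::slice::from_raw_parts_mut(self.ptr, self.len) }
    }

    // Corrected bound: the elided lifetime ties the result to `&mut self`, so the
    // view stays exclusively borrowed for as long as the slice is alive.
    pub fn raw_slice_mut(&mut self) -> &mut [T] {
        unsafe { std::slice::from_raw_parts_mut(self.ptr, self.len) }
    }
}

// The borrow checker accepts this although `a` and `b` alias the same elements.
// It is compiled but never called: executing it would be undefined behaviour.
#[allow(dead_code)]
fn aliasing_accepted(row: &mut RowMut<'_, i32>) {
    let a = row.raw_slice_mut_unbounded();
    let b = row.raw_slice_mut_unbounded();
    a[0] += 1;
    b[0] += 1;
}

// With `raw_slice_mut` the pattern above is rejected (E0499: second mutable
// borrow), so a caller can only hold one slice of the row at a time.
pub fn scale_row(data: &mut [i32], k: i32) -> i32 {
    let mut row = RowMut::new(data);
    for x in row.raw_slice_mut().iter_mut() {
        *x *= k;
    }
    let total = row.raw_slice_mut().iter().sum();
    total
}

fn main() {
    let mut v = vec![1, 2, 3]; // constructed sample row
    println!("{}", scale_row(&mut v, 2));
}
```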

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-362"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2021-08-19T21:06:56Z"
}
References

Affected packages

crates.io / rulinalg

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.4.0
Last affected
0.4.2

Ecosystem specific

{
    "affected_functions": [
        "rulinalg::matrix::RowMut::raw_slice",
        "rulinalg::matrix::RowMut::raw_slice_mut"
    ]
}