RUSTSEC-2019-0018

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2019-0018

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2019-0018.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2019-0018

Aliases

Published

2019-09-02T12:00:00Z

Modified

2023-11-08T04:01:16.345435Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Internally mutating methods take immutable ref self

Details

Affected versions of this crate exposed several methods which took self by immutable reference, despite the requesting the RenderDoc API to set a mutable value internally.

This is technically unsound and calling these methods from multiple threads without synchronization could lead to unexpected and unpredictable behavior.

The flaw was corrected in release 0.5.0.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / renderdoc

Package

Name: renderdoc; View open source insights on deps.dev
Purl: pkg:cargo/renderdoc

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.5.0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "renderdoc::api::RenderDocV110::trigger_multi_frame_capture",
            "renderdoc::api::RenderDocV120::set_capture_file_comments"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "informational": null,
    "categories": []
}