RUSTSEC-2020-0061
- Source
- https://rustsec.org/advisories/RUSTSEC-2020-0061
- Import Source
- https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0061.json
- JSON Data
- https://api.osv.dev/v1/vulns/RUSTSEC-2020-0061
- Aliases
-
- CVE-2020-35907
- GHSA-p9m5-3hj7-cp5r
- Published
- 2020-05-03T12:00:00Z
- Modified
- 2023-11-08T04:03:38.673466Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer
- Details
-
Affected versions of the crate used a
UnsafeCellin thread-local storage to return a noop waker reference, assuming that the reference would never be returned from another thread.This resulted in a segmentation fault crash if
Waker::wake_by_ref()was called on a waker returned from another thread due to it attempting to dereference a pointer that wasn't accessible from the main thread.Reproduction Example (from issue):
use futures_task::noop_waker_ref; fn main() { let waker = std::thread::spawn(|| noop_waker_ref()).join().unwrap(); waker.wake_by_ref(); }The flaw was corrected by using a
OnceCell::Lazy<>wrapper around the noop waker instead of thread-local storage. - Database specific
{ "license": "CC0-1.0" }- References
Affected packages
crates.io / futures-task
Package
- Name
- futures-task
- View open source insights on deps.dev
- Purl
- pkg:cargo/futures-task