RUSTSEC-2020-0070

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2020-0070

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0070.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2020-0070

Aliases

Published

2020-11-08T12:00:00Z

Modified

2024-03-15T00:05:20.102470Z

Summary

Some lock_api lock guard objects can cause data races

Details

Affected versions of lock_api had unsound implementations of the Send or Sync traits for some guard objects, namely:

MappedMutexGuard
MappedRwLockReadGuard
MappedRwLockWriteGuard
RwLockReadGuard
RwLockWriteGuard

These guards could allow data races through types that are not safe to Send across thread boundaries in safe Rust code.

This issue was fixed by changing the trait bounds on the Mapped guard types and removing the Sync trait for the RwLock guards.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / lock_api

Package

Name: lock_api; View open source insights on deps.dev
Purl: pkg:cargo/lock_api

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.4.2

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "lock_api::MappedMutexGuard",
            "lock_api::MappedRwLockReadGuard",
            "lock_api::MappedRwLockWriteGuard",
            "lock_api::RwLockReadGuard",
            "lock_api::RwLockWriteGuard"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": "unsound",
    "categories": [
        "memory-corruption",
        "thread-safety"
    ]
}