RUSTSEC-2020-0088

Source
https://rustsec.org/advisories/RUSTSEC-2020-0088
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0088.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2020-0088
Aliases
Published
2020-11-29T12:00:00Z
Modified
2023-11-08T04:03:39.710071Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
MPMCConsumer/Producer allows sending non-Send type across threads
Details

Affected versions of this crate unconditionally implemented Sync and Send traits for MPMCConsumer and MPMCProducer types.

This allows users to send types that do not implement Send trait across thread boundaries, which can cause a data race.

The flaw was corrected in the 2.0.1 release by adding T: Send bound to affected Sync/Send trait implementations.

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / magnetic

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
2.0.1

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "informational": null,
    "categories": [
        "thread-safety"
    ]
}