RUSTSEC-2020-0140

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2020-0140

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0140.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2020-0140

Aliases

CVE-2020-36460
GHSA-mxv6-q98x-h958

Published

2020-11-10T12:00:00Z

Modified

2023-11-08T04:03:46.195914Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

`Shared` can cause a data race

Details

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust.

Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and care must be taken so that the testing code does not have a data race besides a race condition that is expected to be caught by the test.

Check the Rustonomicon for the difference between a data race and a general race condition.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / model

Package

Name: model; View open source insights on deps.dev
Purl: pkg:cargo/model

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "informational": "unsound",
    "categories": [
        "thread-safety"
    ]
}