RUSTSEC-2020-0149

Source
https://rustsec.org/advisories/RUSTSEC-2020-0149
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0149.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2020-0149
Aliases
Published
2020-11-15T12:00:00Z
Modified
2023-11-08T04:03:46.748675Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Data race and memory safety issue in `Index`
Details

The `appendix` crate implements a key-value mapping data structure called `Index<K, V>` that is stored on disk. The crate allows any type to inhabit the generic `K` and `V` type parameters and implements `Send` and `Sync` for `Index<K, V>` unconditionally.

Using a type that is not marked as `Send` or `Sync` with `Index` allows it to be used across multiple threads, leading to data races. Additionally, using reference types for the keys or values will lead to segmentation faults in the crate's code.
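The unconditional impl pattern described above, next to a bounded variant, as an added example that is not code from the appendix crate. `UnsoundIndex`, `BoundedIndex`, `Probe` and the chosen bounds are hypothetical; the raw pointer field is an assumed stand-in for a mapped file region.

```rust
use std::marker::PhantomData;
use std::rc::Rc;

// Hypothetical stand-in for a disk-backed map. The raw pointer makes the
// struct !Send and !Sync until a manual impl says otherwise.
#[allow(dead_code)]
pub struct UnsoundIndex<K, V> { base: *mut u8, _kv: PhantomData<(K, V)> }

// The pattern the advisory describes: no bounds on K or V, so the container
// claims thread safety even when its contents have none.
unsafe impl<K, V> Send for UnsoundIndex<K, V> {}
unsafe impl<K, V> Sync for UnsoundIndex<K, V> {}

#[allow(dead_code)]
pub struct BoundedIndex<K, V> { base: *mut u8, _kv: PhantomData<(K, V)> }

// Conservative bounds (an assumption, not the crate's fix): the container is
// only as thread-safe as the key and value types stored in it.
unsafe impl<K: Send, V: Send> Send for BoundedIndex<K, V> {}
unsafe impl<K: Send + Sync, V: Send + Sync> Sync for BoundedIndex<K, V> {}

// Compile-time probe: the inherent consts apply only when the bound holds,
// otherwise lookup falls back to the blanket trait's `false` defaults.
trait Fallback { const SEND: bool = false; const SYNC: bool = false; }
impl<T: ?Sized> Fallback for T {}
#[allow(dead_code)]
struct Probe<T: ?Sized>(PhantomData<T>);
#[allow(dead_code)]
impl<T: ?Sized + Send> Probe<T> { const SEND: bool = true; }
#[allow(dead_code)]
impl<T: ?Sized + Sync> Probe<T> { const SYNC: bool = true; }

type RcKey = Rc<String>; // Rc is neither Send nor Sync

/// (is Send, is Sync) for the unbounded container holding an Rc key.
pub fn unsound_with_rc() -> (bool, bool) {
    (<Probe<UnsoundIndex<RcKey, u64>>>::SEND, <Probe<UnsoundIndex<RcKey, u64>>>::SYNC)
}
/// Same key type in the bounded container: the compiler refuses both traits.
pub fn bounded_with_rc() -> (bool, bool) {
    (<Probe<BoundedIndex<RcKey, u64>>>::SEND, <Probe<BoundedIndex<RcKey, u64>>>::SYNC)
}
/// Thread-safe key and value types keep both traits under the bounds.
pub fn bounded_with_string() -> (bool, bool) {
    (<Probe<BoundedIndex<String, u64>>>::SEND, <Probe<BoundedIndex<String, u64>>>::SYNC)
}

fn main() {
    println!("unsound + Rc:     {:?}", unsound_with_rc());
    println!("bounded + Rc:     {:?}", bounded_with_rc());
    println!("bounded + String: {:?}", bounded_with_string());
}
```

When auditing dependencies, an `unsafe impl` of `Send` or `Sync` on a generic type with no bounds on its type parameters is the signature to look for.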

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / appendix

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "informational": null,
    "categories": [
        "memory-corruption",
        "thread-safety"
    ]
}