RUSTSEC-2020-0150

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2020-0150

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0150.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2020-0150

Aliases

CVE-2020-36470
GHSA-w9r2-qrpm-4rmj

Published

2020-12-17T12:00:00Z

Modified

2023-11-08T04:03:46.808812Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

RingBuffer can create multiple mutable references and cause data races

Details

The RingBuffer type retrieves mutable references from the DataProvider in a non-atomic manner, potentially allowing the creation of multiple mutable references. RingBuffer also implements the Send and Sync traits for all types T.

This allows undefined behavior from the aliased mutable references as well as data races.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / disrustor

Package

Name: disrustor; View open source insights on deps.dev
Purl: pkg:cargo/disrustor

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.3.0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "informational": null,
    "categories": [
        "memory-corruption",
        "thread-safety"
    ]
}