RUSTSEC-2020-0070

Source
https://rustsec.org/advisories/RUSTSEC-2020-0070
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0070.json
JSON Data
https://api.test.osv.dev/v1/vulns/RUSTSEC-2020-0070
Published
2020-11-08T12:00:00Z
Modified
2023-11-02T05:41:12.215845Z
Summary
Some lock_api lock guard objects can cause data races
Details

Affected versions of lock_api had unsound implementations of the Send or Sync traits for some guard objects, namely:

  • MappedMutexGuard
  • MappedRwLockReadGuard
  • MappedRwLockWriteGuard
  • RwLockReadGuard
  • RwLockWriteGuard

In safe Rust code, these guards could allow data races through types that are not safe to Send across thread boundaries.

This issue was fixed by changing the trait bounds on the Mapped guard types and removing the Sync trait for the RwLock guards.
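
The bound problem described above, as an added example that is not lock_api's code: two hypothetical toy guards, `UnsoundGuard` and `SoundGuard`, differ only in the bound on their hand-written `Sync` impl, and a compile-time probe reports which of them claims `Sync` over a `Cell<u32>` payload. The `implements!` macro and every name in the block are assumptions made for illustration.

```rust
use std::cell::Cell;
use std::marker::PhantomData;

// Toy guards (hypothetical, not lock_api's types). The raw pointer makes each
// one !Send and !Sync by default, so any Sync impl must be written by hand.
#[allow(dead_code)]
pub struct UnsoundGuard<'a, T: ?Sized> {
    data: *const T,
    _lock: PhantomData<&'a T>,
}
// Unsound pattern: no bound on T, so a guard over a !Sync payload is Sync.
unsafe impl<'a, T: ?Sized> Sync for UnsoundGuard<'a, T> {}

#[allow(dead_code)]
pub struct SoundGuard<'a, T: ?Sized> {
    data: *const T,
    _lock: PhantomData<&'a T>,
}
// Sound pattern: sharing a guard shares access to T, so T itself must be Sync.
unsafe impl<'a, T: ?Sized + Sync> Sync for SoundGuard<'a, T> {}

// Evaluates to true iff $ty implements $tr: the inherent const is chosen only
// when the bound holds, otherwise the blanket trait const (false) is used.
macro_rules! implements {
    ($ty:ty : $tr:path) => {{
        trait Fallback { const YES: bool = false; }
        impl<T: ?Sized> Fallback for T {}
        #[allow(dead_code)]
        struct Probe<T: ?Sized>(PhantomData<T>);
        impl<T: ?Sized + $tr> Probe<T> { const YES: bool = true; }
        <Probe<$ty>>::YES
    }};
}

pub fn unsound_guard_is_sync_over_cell() -> bool {
    implements!(UnsoundGuard<'static, Cell<u32>>: Sync)
}
pub fn sound_guard_is_sync_over_cell() -> bool {
    implements!(SoundGuard<'static, Cell<u32>>: Sync)
}
pub fn sound_guard_is_sync_over_u32() -> bool {
    implements!(SoundGuard<'static, u32>: Sync)
}

fn main() {
    println!("unsound guard, Cell payload: Sync = {}", unsound_guard_is_sync_over_cell());
    println!("sound guard,   Cell payload: Sync = {}", sound_guard_is_sync_over_cell());
    println!("sound guard,   u32 payload:  Sync = {}", sound_guard_is_sync_over_u32());
}
```

The same probe, pointed at a crate's real guard types in a unit test, works as a regression check that a guard never becomes `Send` or `Sync` over a payload that is not.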

Database specific
{
    "license": "CC0-1.0"
}
Affected packages

crates.io / lock_api

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.4.2

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "lock_api::MappedMutexGuard",
            "lock_api::MappedRwLockReadGuard",
            "lock_api::MappedRwLockWriteGuard",
            "lock_api::RwLockReadGuard",
            "lock_api::RwLockWriteGuard"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": "unsound",
    "categories": [
        "memory-corruption",
        "thread-safety"
    ]
}