PT-2020-17511 · Rust · Rulinalg

Athemathmo · Published 2020-02-11 · Updated 2021-08-25 · CVE-2020-35879

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: rulinalg versions through 2020-02-11

Description: An issue was discovered in the rulinalg crate, where the lifetime bounds of RowMut::raw_slice and RowMut::raw_slice_mut are defined incorrectly. These definitions do not conform to Rust's borrowing rules and allow the creation of multiple mutable references to the same location. This may result in unexpected calculation results and data races if both references are used at the same time.

Recommendations: For versions through 2020-02-11, consider restricting the use of RowMut::raw_slice and RowMut::raw_slice_mut to prevent creating multiple mutable references to the same location until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
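
The class of defect described above, as an added example that is not rulinalg's code: the hypothetical RowView type shows an accessor whose result is bound to the view's own lifetime parameter beside one bound to the `&mut self` borrow. All names in it (RowView, raw_slice_mut_unbounded, two_handles, scale_then_sum) are assumptions made for illustration.

```rust
use std::marker::PhantomData;

// Hypothetical stand-in for a mutable row view; not rulinalg's type.
pub struct RowView<'a> {
    ptr: *mut f64,
    len: usize,
    _owner: PhantomData<&'a mut [f64]>,
}

impl<'a> RowView<'a> {
    pub fn new(data: &'a mut [f64]) -> Self {
        RowView { ptr: data.as_mut_ptr(), len: data.len(), _owner: PhantomData }
    }

    // Unsound shape: the result lives for 'a, not for the `&mut self` borrow,
    // so the borrow checker considers `self` free again once the call returns.
    #[allow(dead_code)]
    pub fn raw_slice_mut_unbounded(&mut self) -> &'a mut [f64] {
        unsafe { std::slice::from_raw_parts_mut(self.ptr, self.len) }
    }

    // Sound shape: the elided lifetime ties the result to the `&mut self` borrow.
    pub fn raw_slice_mut(&mut self) -> &mut [f64] {
        unsafe { std::slice::from_raw_parts_mut(self.ptr, self.len) }
    }
}

// This compiles, which is the defect: safe code ends up holding two `&mut`
// handles to one row. It is never called, since using both is undefined behaviour.
#[allow(dead_code)]
fn two_handles<'a>(row: &mut RowView<'a>) -> (&'a mut [f64], &'a mut [f64]) {
    (row.raw_slice_mut_unbounded(), row.raw_slice_mut_unbounded())
}
// The same body written against `raw_slice_mut` is rejected with E0499
// (cannot borrow `*row` as mutable more than once at a time).

// Sequential exclusive borrows still work with the sound signature.
pub fn scale_then_sum(data: &mut [f64], k: f64) -> f64 {
    let mut row = RowView::new(data);
    for x in row.raw_slice_mut() {
        *x *= k;
    }
    let total: f64 = row.raw_slice_mut().iter().sum();
    total
}

fn main() {
    let mut data = [1.0, 2.0, 3.0]; // constructed sample row
    println!("{}", scale_then_sum(&mut data, 2.0));
}
```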

Exploit

Race Condition


Weakness Enumeration

Related Identifiers

CVE-2020-35879
GHSA-Q2GJ-9R85-P832
RUSTSEC-2020-0023

Affected Products

Rulinalg