CVE-2020-35908

Name of the Vulnerable Software and Affected Versions futures-util crate versions prior to 0.3.2

Description The issue concerns the FuturesUnordered structure in the futures-util crate, where an unsound Sync implementation can lead to data corruption due to mishandled synchronization. Specifically, the use of a Cell for interior mutability without proper access synchronization to the underlying task list's length and head can cause incorrect values to be seen by multiple threads modifying the list simultaneously.

Recommendations For versions prior to 0.3.2, update to version 0.3.2 or later to fix the issue by adding access synchronization code around task insertion into the list.