PT-2020-17547 · Rust · Futures-Intrusive

Matthias247 · Published 2020-10-31 · Updated 2021-08-25 · CVE-2020-35915

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

futures-intrusive crate versions prior to 0.4.0

Description

An issue in the futures-intrusive crate allows cross-thread data races on non-Sync types because GenericMutexGuard is given the Sync auto trait as long as the type T is Send. This soundness issue can lead to data races, potentially causing crashes and segfaults from safe Rust code. The guard represents an acquired lock, and a Sync guard allows concurrent access to the underlying data from different threads, so the guard should only be Sync when the underlying data is.

Recommendations

If you are on a version prior to 0.4.0, update to version 0.4.0 or later, which corrects the issue by adding a T: Send + Sync bound to GenericMutexGuard's Sync implementation.
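
The two bounds side by side, as an added example that is not code from the futures-intrusive crate: UnsoundGuard, FixedGuard, Probe and Fallback are hypothetical stand-ins, not the crate's types. The probe reports at compile time whether each guard is Sync over Cell<i32>, a type that is Send but not Sync.

```rust
use std::cell::Cell;
use std::marker::PhantomData;
use std::sync::atomic::AtomicI32;

// Hypothetical stand-ins for a mutex guard. The raw pointer suppresses the
// auto traits, so Sync has to be granted by an explicit unsafe impl.
#[allow(dead_code)]
pub struct UnsoundGuard<'a, T>(*const T, PhantomData<&'a T>);
#[allow(dead_code)]
pub struct FixedGuard<'a, T>(*const T, PhantomData<&'a T>);

// Bound as described for versions before 0.4.0: T: Send is enough.
unsafe impl<T: Send> Sync for UnsoundGuard<'_, T> {}
// Bound as described for 0.4.0: the guard is Sync only when T is Sync too.
unsafe impl<T: Send + Sync> Sync for FixedGuard<'_, T> {}

// Compile-time probe: the inherent const shadows the trait default only
// when the probed type implements Sync.
#[allow(dead_code)]
pub struct Probe<T: ?Sized>(PhantomData<T>);
pub trait Fallback {
    const IS_SYNC: bool = false;
}
impl<T: ?Sized> Fallback for Probe<T> {}
impl<T: ?Sized + Sync> Probe<T> {
    pub const IS_SYNC: bool = true;
}

// Returns (unsound guard is Sync, fixed guard is Sync) over Cell<i32>.
pub fn guard_sync_over_cell() -> (bool, bool) {
    (
        <Probe<UnsoundGuard<'static, Cell<i32>>>>::IS_SYNC,
        <Probe<FixedGuard<'static, Cell<i32>>>>::IS_SYNC,
    )
}

// Same check over AtomicI32, which is both Send and Sync.
pub fn guard_sync_over_atomic() -> (bool, bool) {
    (
        <Probe<UnsoundGuard<'static, AtomicI32>>>::IS_SYNC,
        <Probe<FixedGuard<'static, AtomicI32>>>::IS_SYNC,
    )
}

fn main() {
    println!("Cell<i32>: {:?}", guard_sync_over_cell());
    println!("AtomicI32: {:?}", guard_sync_over_atomic());
}
```

With the corrected bound, sharing a guard over a non-Sync type across threads is rejected by the compiler, while guards over Sync data stay shareable.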

Exploit

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2020-35915
GHSA-4HJG-CX88-G9F9
RUSTSEC-2020-0072

Affected Products

Futures-Intrusive