PT-2020-17556 · Rust · Try-Mutex

Published

2020-11-17

Updated

2021-08-25

CVE-2020-35924

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions try-mutex crate versions prior to 0.3.0

Description An issue in the try-mutex crate allows cross-thread sending of a non-Send type, which can cause a data race. This occurs because affected versions of the crate unconditionally implemented the Sync trait for the TryMutex<T> type, enabling users to put non-Send T type in TryMutex and send it to another thread.

Recommendations For versions prior to 0.3.0, update to version 0.3.0 or later, which includes the correction by adding the T: Send bound for the Sync trait implementation. As a temporary workaround, consider avoiding the use of TryMutex with non-Send types until the update is applied.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2020-35924

GHSA-64J8-7GP2-XJX5

RUSTSEC-2020-0087

Affected Products

Try-Mutex

PT-2020-17556 · Rust · Try-Mutex

CVE-2020-35924

Weakness Enumeration

Related Identifiers

Affected Products

References · 8