PT-2020-17577 · Rust · Rusb

Published: 2020-12-18 · Updated: 2021-08-25 · CVE-2020-36206
CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

rusb versions prior to 0.7.0

Description

The rusb crate did not require Send and Sync bounds on UsbContext, which can lead to data races and memory corruption. UsbContext types that are not thread-safe can be used concurrently across threads through Device and DeviceHandle.

Recommendations

Update to version 0.7.0 or later, which fixes the issue by adding Send and Sync bounds to UsbContext. As a temporary workaround on versions prior to 0.7.0, consider avoiding the use of UsbContexts across threads to minimize the risk of data races and memory corruption.
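
The effect of the added bounds, shown on a simplified model. This is an added example, not rusb's source code: Ctx, Handle, SharedCtx and run_threads are hypothetical stand-ins for UsbContext, DeviceHandle and a caller.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;
use std::thread;

// Fixed shape: the Send + Sync supertraits force every implementer to be
// thread-safe. The unsound shape is `pub trait Ctx: Clone` combined with the
// same two `unsafe impl` lines below.
pub trait Ctx: Clone + Send + Sync {
    fn touch(&self) -> usize;
}

pub struct Handle<C: Ctx> {
    ctx: C,
    #[allow(dead_code)]
    raw: *mut u8, // raw pointer removes the auto Send/Sync impls, as an FFI handle would
}

// These blanket impls promise thread safety for every C: Ctx. They are only
// sound because the trait itself now guarantees C: Send + Sync.
unsafe impl<C: Ctx> Send for Handle<C> {}
unsafe impl<C: Ctx> Sync for Handle<C> {}

// A context built on atomics satisfies the bounds.
#[derive(Clone)]
pub struct SharedCtx(Arc<AtomicUsize>);
impl Ctx for SharedCtx {
    fn touch(&self) -> usize {
        self.0.fetch_add(1, Ordering::SeqCst) + 1
    }
}

// A context holding Rc<Cell<usize>> is now rejected at `impl Ctx for ...`,
// because Rc is neither Send nor Sync. Without the supertraits it would
// compile, and Handle would carry the non-atomic counter across threads.

// Share one handle between `n` threads and return the final counter value.
pub fn run_threads(n: usize) -> usize {
    let counter = Arc::new(AtomicUsize::new(0));
    let handle = Arc::new(Handle { ctx: SharedCtx(counter.clone()), raw: std::ptr::null_mut() });
    let workers: Vec<_> = (0..n)
        .map(|_| { let h = Arc::clone(&handle); thread::spawn(move || { h.ctx.touch(); }) })
        .collect();
    for w in workers { w.join().unwrap(); }
    counter.load(Ordering::SeqCst)
}

fn main() { println!("touches: {}", run_threads(8)); }
```

When auditing a crate for this class of bug, look for `unsafe impl Send` or `unsafe impl Sync` on a generic type whose parameter is not itself bounded by Send and Sync.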

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2020-36206
GHSA-9MXW-4856-9CM5
RUSTSEC-2020-0098

Affected Products

Rusb