PT-2020-17579 · Rust · Conquer-Once

Published 2020-12-22 · Updated 2021-08-25 · CVE-2020-36208

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

conquer-once versions prior to 0.3.2

Description

An issue in the conquer-once crate allows types that are Sync but not Send, such as MutexGuard, to be sent across threads, leading to undefined behavior and memory corruption in concurrent programs. This occurs because the OnceCell type implements Sync without restricting it to types that are also Send.

Recommendations

For versions prior to 0.3.2, update to version 0.3.2 or later, which includes a fix that adds a Send constraint to OnceCell.
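
The bound described above, shown on a hypothetical minimal once-cell built on `std::sync::Once` (an added example, not conquer-once's code; `DemoOnceCell`, its methods and `assert_sync` are assumed names). A value initialized on a worker thread is taken out on the owning thread, which is why `T` has to be `Send` before the cell may be `Sync`.

```rust
use std::cell::UnsafeCell;
use std::sync::Once;
use std::thread;

/// Hypothetical minimal once-cell for illustration (not conquer-once's code).
pub struct DemoOnceCell<T> {
    once: Once,
    slot: UnsafeCell<Option<T>>,
}

// Sound bound: a value can be written through `&self` on one thread and later
// dropped or taken out on another, so `T` is effectively sent between threads.
// The weak form the advisory describes would be `unsafe impl<T: Sync> Sync`.
unsafe impl<T: Send + Sync> Sync for DemoOnceCell<T> {}

impl<T> DemoOnceCell<T> {
    pub const fn new() -> Self {
        Self { once: Once::new(), slot: UnsafeCell::new(None) }
    }

    /// Initializes the cell at most once, from whichever thread gets there first.
    pub fn get_or_init(&self, f: impl FnOnce() -> T) -> &T {
        // SAFETY: `Once` runs exactly one writer and blocks readers until it is done.
        self.once.call_once(|| unsafe { *self.slot.get() = Some(f()) });
        unsafe { &*self.slot.get() }.as_ref().expect("set by call_once")
    }

    pub fn into_inner(self) -> Option<T> {
        self.slot.into_inner()
    }
}

fn assert_sync<S: Sync>() {}

/// A worker thread initializes the cell; the owning thread takes the value out.
pub fn init_on_worker_take_on_owner() -> Option<String> {
    assert_sync::<DemoOnceCell<String>>(); // String is Send + Sync: accepted
    // assert_sync::<DemoOnceCell<std::sync::MutexGuard<'static, ()>>>();
    // ^ rejected at compile time: MutexGuard is Sync but not Send.
    let cell = DemoOnceCell::new();
    thread::scope(|s| {
        s.spawn(|| {
            cell.get_or_init(|| String::from("made on worker"));
        });
    });
    cell.into_inner()
}

fn main() { println!("{:?}", init_on_worker_take_on_owner()); }
```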

Exploit

Fix

Memory Corruption


Weakness Enumeration

Related Identifiers

CVE-2020-36208
GHSA-3JC5-5HC5-33GJ
RUSTSEC-2020-0101

Affected Products

Conquer-Once