PT-2020-17580 · Rust · Late-Static Crate

Published 2020-11-10 · Updated 2021-08-25 · CVE-2020-36209

CVSS v3.1: 7.0 High

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

late-static crate versions prior to 0.4.0

Description

An issue in the late-static crate allows a data race to occur because Sync is implemented for LateStatic<T> with the bound T: Send. This can result in a data race on a type T: Send + !Sync, such as Cell, leading to memory corruption or undefined behavior.

Recommendations

For versions prior to 0.4.0, update to version 0.4.0 or later to resolve the issue. As a temporary workaround, avoid relying on the Sync implementation of LateStatic where T is only Send, to minimize the risk of data races. Restrict access to types that are Send + !Sync, such as Cell, to prevent potential memory corruption or undefined behavior.
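
The trait bound at issue, as an added example that is not the late-static crate's code: `Late`, `HITS` and `count_from_threads` are hypothetical names, and the `T: Send + Sync` bound is the sound form assumed here, not copied from the crate's fix. The unsound impl appears only as a comment, so the compiler rejects a `Cell` in the static.

```rust
use std::cell::UnsafeCell;
use std::sync::atomic::{AtomicUsize, Ordering};
use std::thread;

// Hypothetical late-initialized wrapper; a stand-in, not the crate's source.
pub struct Late<T>(UnsafeCell<Option<T>>);

// Unsound bound of the kind the advisory describes (comparison only):
//     unsafe impl<T: Send> Sync for Late<T> {}
// It would accept `static C: Late<Cell<u32>>`, so two threads could call
// `Cell::set` through `&C` with no synchronization.
// Sound bound: sharing `&Late<T>` shares `&T`, so `T` must be `Sync` too.
unsafe impl<T: Send + Sync> Sync for Late<T> {}

impl<T> Late<T> {
    pub const fn new() -> Self { Late(UnsafeCell::new(None)) }

    /// # Safety
    /// Call once, before any other thread can reach `self`.
    pub unsafe fn assign(&self, value: T) {
        unsafe { *self.0.get() = Some(value) };
    }

    pub fn get(&self) -> &T {
        // SAFETY: `assign`'s contract rules out writes after initialization.
        let slot = unsafe { &*self.0.get() };
        slot.as_ref().expect("Late read before assign")
    }
}

static HITS: Late<AtomicUsize> = Late::new();
// static BAD: Late<std::cell::Cell<u32>> = Late::new(); // rejected: Cell is !Sync

pub fn count_from_threads(threads: usize, per_thread: usize) -> usize {
    unsafe { HITS.assign(AtomicUsize::new(0)) }; // single-threaded at this point
    let handles: Vec<_> = (0..threads)
        .map(|_| thread::spawn(move || {
            for _ in 0..per_thread {
                HITS.get().fetch_add(1, Ordering::Relaxed);
            }
        }))
        .collect();
    for h in handles { h.join().unwrap(); }
    HITS.get().load(Ordering::Relaxed)
}

fn main() {
    println!("total = {}", count_from_threads(4, 1000));
}
```

Uncommenting the `BAD` static fails to compile with the sound bound, which is the check that the `T: Send` impl was missing.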

Related Identifiers

CVE-2020-36209
GHSA-WR55-MF5C-HHWM
RUSTSEC-2020-0102

Affected Products

Late-Static Crate