CVE-2020-36214

Name of the Vulnerable Software and Affected Versions multiqueue2 crate versions prior to 0.1.7

Description An issue in the multiqueue2 crate allows users to send non-Send types to other threads, which can lead to data race bugs or other undefined behavior. This occurs because the crate unconditionally implemented Send for types used in queue implementations, including InnerSend<RW, T>, InnerRecv<RW, T>, FutInnerSend<RW, T>, and FutInnerRecv<RW, T>. The flaw was corrected by adding a T: Send bound to the Send implementation of these data types.

Recommendations For versions prior to 0.1.7, update to version 0.1.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable queue implementations to prevent sending non-Send types to other threads.