PT-2020-17588 · Rust · Eventio

Published

2020-12-20

Updated

2021-08-25

CVE-2020-36216

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions eventio crate versions prior to 0.5.1

Description An issue in the eventio crate allows a non-Send type to be sent to a different thread, potentially causing a data race and memory corruption. This occurs because Input<R> implements Send without requiring R: Send, leading to undefined behavior when non-Send types are sent to other threads.

Recommendations For versions prior to 0.5.1, update to version 0.5.1 or later, which includes the R: Send bound to the Send impl of Input<R>, correcting the flaw.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-662CWE-787

Related Identifiers

CVE-2020-36216

GHSA-69VJ-XX27-G45W

RUSTSEC-2020-0108

Affected Products

Eventio

PT-2020-17588 · Rust · Eventio

CVE-2020-36216

Weakness Enumeration

Related Identifiers

Affected Products

References · 8