PT-2020-17589 · Rust · May Queue

Published

2020-11-10

Updated

2021-08-25

CVE-2020-36217

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions may queue versions through 2020-11-10

Description An issue in the may queue crate for Rust can cause memory corruption due to the lack of bounds on its Send trait or Sync trait. This allows non-Sync types, such as Cell, to be shared across threads, leading to undefined behavior and memory corruption in concurrent programs.

Recommendations For may queue versions through 2020-11-10, consider restricting the Queue type to only Sendable and Syncable types to prevent memory corruption. As a temporary workaround, avoid using the Queue type with non-Sync types, such as Cell, in concurrent programs until a patch is available.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-662CWE-787

Related Identifiers

CVE-2020-36217

GHSA-PPHF-F93W-GC84

RUSTSEC-2020-0111

Affected Products

May Queue

PT-2020-17589 · Rust · May Queue

CVE-2020-36217

Weakness Enumeration

Related Identifiers

Affected Products

References · 8