PT-2020-17614 · Ruspiro · Ruspiro-Singleton

Published

2020-11-16

Updated

2021-08-25

CVE-2020-36435

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ruspiro-singleton versions prior to 0.4.1

Description The issue arises from the unconditional implementation of Sync and Send in Singleton, allowing non-Sync types like Cell to be used in singletons. This can cause data races in concurrent programs. The flaw was corrected by adding trait bounds, requiring the contained type to implement Sync.

Recommendations For versions prior to 0.4.1, update to version 0.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of Singleton with non-Sync types to minimize the risk of data races.

Fix

Race Condition

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-119

Related Identifiers

CVE-2020-36435

GHSA-FQQ2-XP7M-XVM8

RUSTSEC-2020-0115

Affected Products

Ruspiro-Singleton

PT-2020-17614 · Ruspiro · Ruspiro-Singleton

CVE-2020-36435

Weakness Enumeration

Related Identifiers

Affected Products

References · 11