CVE-2020-36436

Name of the Vulnerable Software and Affected Versions unicycle crate versions prior to 0.7.1

Description The issue allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race and memory corruption when types that provide internal mutability without synchronization are contained within PinSlab<T> or Unordered<T, S> and accessed concurrently from multiple threads.

Recommendations For versions prior to 0.7.1, update to version 0.7.1 or later, which includes the corrected commits 92f40b4 and 6a6c367 that add trait bounds T: Send and T: Sync to the Send and Sync implementations for PinSlab<T> and Unordered<T, S>. As a temporary workaround, consider avoiding concurrent access to types contained within PinSlab<T> or Unordered<T, S> that provide internal mutability without synchronization.