PT-2020-17620 · Rust · Libsbc

Published: 2020-11-10 · Updated: 2021-08-25 · CVE-2020-36440

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: libsbc crate versions prior to 0.1.5

Description: Decoder<R> can be sent to another thread even when it contains R: !Send, carrying R along with it. This results in undefined behavior, such as memory corruption from a data race on R, or dropping R = MutexGuard< > from a thread that didn't lock the mutex.

Recommendations: Update to version 0.1.5 or later to resolve the issue. As a temporary workaround for versions prior to 0.1.5, consider adding a trait bound R: Send to the Send impl for Decoder<R>, so that a Decoder<R> containing R: !Send can no longer be sent to another thread.
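
The bound named in the recommendation, shown on a stand-in type. This is an added example, not code from libsbc: the struct layout, `read_all`, `require_send` and `decode_on_worker` are hypothetical, and the raw-pointer field is an assumption used to model why a manual Send impl is needed.

```rust
use std::io::{Cursor, Read};
use std::thread;

// Hypothetical stand-in for libsbc's Decoder<R>; the fields are assumed.
// The raw pointer models native decoder state and makes the struct !Send
// by default, which is why a manual Send impl exists at all.
pub struct Decoder<R: Read> {
    reader: R,
    _native_state: *mut u8, // constructed placeholder, never dereferenced
}

// Unsound shape the advisory describes (left as a comment, not compiled):
//     unsafe impl<R: Read> Send for Decoder<R> {}
// Bounded shape from the recommendation: Send only when R is Send.
unsafe impl<R: Read + Send> Send for Decoder<R> {}

impl<R: Read> Decoder<R> {
    pub fn new(reader: R) -> Self {
        Decoder { reader, _native_state: std::ptr::null_mut() }
    }

    // Stand-in for decoding: drains the wrapped reader.
    pub fn read_all(&mut self) -> Vec<u8> {
        let mut out = Vec::new();
        self.reader.read_to_end(&mut out).expect("read failed");
        out
    }
}

// Compile-time probe: only accepts values whose type is Send.
pub fn require_send<T: Send>(value: T) -> T {
    value
}

// Moves a decoder over a Send reader to a worker thread and uses it there.
pub fn decode_on_worker(data: Vec<u8>) -> usize {
    let dec = require_send(Decoder::new(Cursor::new(data)));
    thread::spawn(move || {
        let mut dec = dec;
        dec.read_all().len()
    })
    .join()
    .expect("worker panicked")
}

fn main() {
    // Constructed sample input.
    println!("read {} bytes on worker", decode_on_worker(vec![0x9c, 0x01, 0x02]));
}
```

With the bound in place, passing a decoder over a reader type that is !Send (for example one holding an `Rc`) to `require_send` or `thread::spawn` is rejected at compile time with error E0277.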

Fix

Race Condition

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2020-36440
GHSA-F6G6-54HM-FHXV
RUSTSEC-2020-0120

Affected Products

Libsbc