CVE-2020-36444

Name of the Vulnerable Software and Affected Versions async-coap crate versions through 2020-12-08

Description An issue was discovered in the async-coap crate where Send and Sync are implemented for ArcGuard<RC, T> without trait bounds on RC. This allows users to send RC: !Send to other threads and also allows users to concurrently access RC: !Sync from multiple threads, potentially resulting in memory corruption from data race or other undefined behavior caused by sending T: !Send to other threads.

Recommendations For async-coap crate versions through 2020-12-08, consider restricting the use of ArcGuard<RC, T> to prevent sending RC: !Send to other threads and concurrently accessing RC: !Sync from multiple threads until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.