PT-2020-17625 · Rust · Convec Crate

Published

2020-11-24

Updated

2021-08-25

CVE-2020-36445

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions convec crate through 2020-11-24

Description The issue allows users to insert types that are not Send or not Sync into ConVec<T>, enabling the creation of data races. This can be achieved by using non-Send types like Arc<Cell< >> or Rc< > as T in ConVec<T>, or by using types like Cell< > or RefCell< > as T, which are Send but not Sync. Such data races can lead to memory corruption.

Recommendations For the convec crate through 2020-11-24, consider avoiding the use of non-Send or non-Sync types as T in ConVec<T> to prevent data races. As a temporary workaround, restrict the use of ConVec<T> with types that are not Send or Sync until a fix is available.

Fix

Race Condition

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-119

Related Identifiers

CVE-2020-36445

GHSA-RPXM-VMR7-5F5F

RUSTSEC-2020-0125

Affected Products

Convec Crate

PT-2020-17625 · Rust · Convec Crate

CVE-2020-36445

Weakness Enumeration

Related Identifiers

Affected Products

References · 9