PT-2020-17626 · Rust · Signal-Simple Crate
Kitsuneninetails · Published 2020-11-15 · Updated 2021-08-25 · CVE-2020-36446
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
signal-simple crate versions through 2020-11-15
Description
An issue was discovered in the signal-simple crate where there are unconditional implementations of Send and Sync for SyncChannel. This allows users to create undefined behavior in safe Rust by sending T: !Send to other threads with SyncChannel::send/recv APIs. Using T = Arc<Cell<_>> can lead to data races and memory corruption, while using T = MutexGuard can allow unlocking a mutex from a thread that didn't lock it.
Recommendations
For signal-simple crate versions through 2020-11-15, consider avoiding the use of SyncChannel with types that are not Send, such as Arc<Cell<_>> or MutexGuard, to prevent undefined behavior and potential memory corruption. As a temporary workaround, consider restricting the use of SyncChannel::send/recv APIs until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
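The bounded form of these impls, as an added example that is not signal-simple's code: `Chan`, `requires_send_sync` and `cross_thread_sum` are hypothetical names, and the channel is a minimal stand-in for a hand-rolled type like SyncChannel. With `T: Send` on both impls, the compiler rejects non-Send payloads at the point of use, which is the check to look for when auditing a type that carries `unsafe impl Send`/`Sync`.

```rust
use std::cell::UnsafeCell;
use std::collections::VecDeque;
use std::sync::{Arc, Mutex};
use std::thread;

/// Hypothetical stand-in for a hand-rolled channel; not signal-simple's code.
pub struct Chan<T> {
    lock: Mutex<()>,
    queue: UnsafeCell<VecDeque<T>>, // only touched while `lock` is held
}

// Defect class from the advisory (unsound, kept commented out):
//   unsafe impl<T> Send for Chan<T> {}
//   unsafe impl<T> Sync for Chan<T> {}
// Bounded form: send/recv move a T between threads, so T must be Send.
unsafe impl<T: Send> Send for Chan<T> {}
unsafe impl<T: Send> Sync for Chan<T> {}

impl<T> Chan<T> {
    pub fn new() -> Self {
        Chan { lock: Mutex::new(()), queue: UnsafeCell::new(VecDeque::new()) }
    }
    pub fn send(&self, value: T) {
        let _guard = self.lock.lock().unwrap();
        // SAFETY: `lock` is held, so this is the only live reference to the queue.
        let queue = unsafe { &mut *self.queue.get() };
        queue.push_back(value);
    }
    pub fn recv(&self) -> Option<T> {
        let _guard = self.lock.lock().unwrap();
        let queue = unsafe { &mut *self.queue.get() }; // SAFETY: as in `send`
        queue.pop_front()
    }
}

/// Compile-time audit helper: instantiating it proves C is Send + Sync.
pub fn requires_send_sync<C: Send + Sync>() {}

/// Shares one channel across `workers` threads and sums the values they sent.
pub fn cross_thread_sum(workers: u64) -> u64 {
    let chan: Arc<Chan<u64>> = Arc::new(Chan::new());
    let handles: Vec<_> = (1..=workers)
        .map(|i| { let c = Arc::clone(&chan); thread::spawn(move || c.send(i)) })
        .collect();
    handles.into_iter().for_each(|h| h.join().unwrap());
    requires_send_sync::<Chan<String>>();
    // requires_send_sync::<Chan<std::rc::Rc<u8>>>(); // compile error: Rc<u8> is !Send
    std::iter::from_fn(|| chan.recv()).sum()
}
fn main() { println!("sum = {}", cross_thread_sum(4)); }
```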
Race Condition
Buffer Overflow
Affected Products
Signal-Simple Crate