PT-2020-17642 · Rust · Model Crate

Published: 2020-11-10 · Updated: 2021-08-25 · CVE-2020-36460

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: model crate through 2020-11-10

Description: An issue was discovered in the Shared data structure, which implements the Send and Sync traits without regard for the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust. Users are advised to treat Shared as an unsafe type.

Recommendations: For model crate through 2020-11-10, users are advised to treat Shared as an unsafe type and not use it outside of the testing context. Care must be taken to ensure that the testing code does not have a data race, besides a race condition that is expected to be caught by the test.
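
The pattern named in the description, shown as an added Rust example that is not the model crate's own code. `UnsoundShared` and `BoundedShared` are hypothetical stand-in types: the first has `Send`/`Sync` impls with no bound on the inner type, the second inherits thread-safety from it.

```rust
use std::cell::Cell;
use std::sync::atomic::{AtomicUsize, Ordering};
use std::thread;

// Hypothetical stand-in for the pattern in the advisory (not the crate's code):
// the unsafe impls have no bound on T, so any inner type is declared thread-safe.
pub struct UnsoundShared<T>(pub T);
unsafe impl<T> Send for UnsoundShared<T> {}
unsafe impl<T> Sync for UnsoundShared<T> {}

// Corrected form: the wrapper is Send/Sync only when the inner type is.
pub struct BoundedShared<T>(pub T);
unsafe impl<T: Send> Send for BoundedShared<T> {}
unsafe impl<T: Sync> Sync for BoundedShared<T> {}

// Compile-time probe: this call only type-checks if T is Sync.
fn is_sync<T: Sync>(_: &T) -> bool {
    true
}

// Cell<u32> is not Sync, yet the unbounded impl lets this compile. That is the
// defect: safe code could now share the Cell across threads and race on it.
pub fn unsound_accepts_cell() -> bool {
    is_sync(&UnsoundShared(Cell::new(0u32)))
    // is_sync(&BoundedShared(Cell::new(0u32)))  // rejected: Cell<u32> is not Sync
}

// With the bounded wrapper only genuinely Sync inner types cross threads,
// so concurrent updates are well-defined and the total is exact.
pub fn count_with_bounded(threads: usize, per_thread: usize) -> usize {
    let shared = BoundedShared(AtomicUsize::new(0));
    thread::scope(|s| {
        for _ in 0..threads {
            s.spawn(|| {
                for _ in 0..per_thread {
                    shared.0.fetch_add(1, Ordering::Relaxed);
                }
            });
        }
    });
    shared.0.load(Ordering::Relaxed)
}

fn main() {
    println!("unbounded wrapper accepts Cell as Sync: {}", unsound_accepts_cell());
    println!("bounded counter total: {}", count_with_bounded(4, 1000));
}
```

Uncommenting the `BoundedShared(Cell::new(0u32))` line makes the build fail, which is the compile-time rejection the unbounded impls bypass.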

Exploit

Fix

Type Confusion

Race Condition


Weakness Enumeration

Related Identifiers

CVE-2020-36460
GHSA-MXV6-Q98X-H958
RUSTSEC-2020-0140

Affected Products

Model Crate