PT-2020-6640 · Unknown+1 · Generator-Rs+1

Published 2020-11-16 · Updated 2021-08-25 · CVE-2020-36471

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

generator-rs versions prior to 0.7.0

Description

The issue is related to the lack of Send bounds in the generator function of the generator-rs crate, which can lead to data races when types like Rc are sent across threads. This can be exploited by a remote attacker to cause a denial of service.

Recommendations

For versions prior to 0.7.0, update to version 0.7.0 or later to fix the issue by enforcing Send bounds on the generator function. As a temporary workaround, consider avoiding the use of types like Rc in the generator function to minimize the risk of data races.
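
The fix pattern named in the recommendations, shown as an added example that is not code from generator-rs or from this advisory: a hypothetical helper, `spawn_bounded`, carries the Send bounds, so the Rc variant is rejected at compile time and shared state must use Arc with an atomic instead. The helper name, the counter workload and the worker counts are assumptions made for illustration.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;
use std::thread::{self, JoinHandle};

/// Hypothetical helper (not the generator-rs API): runs `f` on a new thread.
/// The `Send` bounds are the fix pattern: the compiler now refuses closures or
/// results that carry thread-unsafe state such as `Rc`.
fn spawn_bounded<F, T>(f: F) -> JoinHandle<T>
where
    F: FnOnce() -> T + Send + 'static,
    T: Send + 'static,
{
    thread::spawn(f)
}

/// Shares one counter across `workers` threads using `Arc` + an atomic,
/// the thread-safe replacement for `Rc<Cell<usize>>`.
fn count_with_arc(workers: usize, per_worker: usize) -> usize {
    let total = Arc::new(AtomicUsize::new(0));
    let handles: Vec<JoinHandle<()>> = (0..workers)
        .map(|_| {
            let total = Arc::clone(&total);
            spawn_bounded(move || {
                for _ in 0..per_worker {
                    total.fetch_add(1, Ordering::Relaxed);
                }
            })
        })
        .collect();
    for h in handles {
        h.join().expect("worker panicked");
    }
    total.load(Ordering::SeqCst)
}

// Rejected at compile time because of the `Send` bound (error E0277,
// "`Rc<Cell<usize>>` cannot be sent between threads safely"):
//
//     let rc = std::rc::Rc::new(std::cell::Cell::new(0usize));
//     let rc2 = rc.clone();
//     spawn_bounded(move || rc2.set(rc2.get() + 1));
//
// Without the bound, both threads could touch Rc's non-atomic reference
// count and the Cell at once, which is the data race the advisory describes.

fn main() {
    println!("total = {}", count_with_arc(4, 10_000));
}
```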

Exploit

Fix

Race Condition


Weakness Enumeration

Related Identifiers

BDU:2022-02041
CVE-2020-36471
GHSA-W3G5-2848-2V8R
RUSTSEC-2020-0151

Affected Products

Debian
Generator-Rs