PT-2021-17725 · Unknown · Internment

Published: 2021-03-03 · Updated: 2021-08-25 · CVE-2021-28037

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: internment crate versions prior to 0.4.2
Description: The issue is related to a data race that can cause memory corruption due to the unconditional implementation of Sync for Intern<T>. This allows users to create a data race on T: !Sync, which may lead to undefined behavior, such as memory corruption.
Recommendations: For versions prior to 0.4.2, update to version 0.4.2 or later, which includes the correction by adding the trait bound T: Sync in the Sync impl of Intern<T>. As a temporary workaround, consider avoiding the use of Intern<T> with types that do not implement Sync to minimize the risk of exploitation.
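
The difference between the unconditional and the bounded Sync impl can be checked at compile time. The following is an added example, not code from the internment crate: UnboundedHandle, BoundedHandle, Probe, Fallback and is_sync! are hypothetical names, and the raw-pointer field is an assumed stand-in for a pointer-backed handle type.

```rust
use std::cell::Cell;
use std::marker::PhantomData;

// Hypothetical stand-ins for a pointer-backed handle (assumption, not the crate's code).
// A raw-pointer field removes the automatic Sync impl, so Sync must be written by hand.
#[allow(dead_code)]
pub struct UnboundedHandle<T>(*const T);
#[allow(dead_code)]
pub struct BoundedHandle<T>(*const T);

// Pattern described for versions prior to 0.4.2: Sync for every T, including T: !Sync.
unsafe impl<T> Sync for UnboundedHandle<T> {}
// Pattern described for the fix in 0.4.2: Sync only when T itself is Sync.
unsafe impl<T: Sync> Sync for BoundedHandle<T> {}

// Compile-time probe: the inherent const exists only when T: Sync;
// otherwise name resolution falls back to the trait default of `false`.
pub struct Probe<T: ?Sized>(PhantomData<T>);
pub trait Fallback {
    const IS_SYNC: bool = false;
}
impl<T: ?Sized> Fallback for Probe<T> {}
impl<T: ?Sized + Sync> Probe<T> {
    pub const IS_SYNC: bool = true;
}
macro_rules! is_sync {
    ($t:ty) => { <Probe<$t>>::IS_SYNC };
}

// Cell<u32> is !Sync: a shared &Cell<u32> allows unsynchronized writes.
pub fn unbounded_exposes_cell() -> bool {
    is_sync!(UnboundedHandle<Cell<u32>>)
}
pub fn bounded_exposes_cell() -> bool {
    is_sync!(BoundedHandle<Cell<u32>>)
}
pub fn bounded_allows_u32() -> bool {
    is_sync!(BoundedHandle<u32>)
}

fn main() {
    println!("unbounded impl, Cell<u32> shareable: {}", unbounded_exposes_cell());
    println!("bounded impl,   Cell<u32> shareable: {}", bounded_exposes_cell());
    println!("bounded impl,   u32 shareable:       {}", bounded_allows_u32());
}
```

The same probe can be pointed at any wrapper type in a code base to audit hand-written `unsafe impl Sync` blocks for a missing bound.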

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2021-28037
GHSA-GPPW-3H6H-V6Q2
RUSTSEC-2021-0036

Affected Products

Internment