
RUSTSEC-2020-0034

Multiple security issues including data race, buffer overflow, and uninitialized memory drop

Reported:
Issued:
Package: arr (crates.io)
Type: Vulnerability
Categories:
Aliases:
Details: https://github.com/sjep/array/issues/1
Patched: no patched versions

Description

The arr crate contains multiple security issues. Specifically:

  1. It incorrectly implements Sync/Send bounds, which allows non-Sync/Send types to be smuggled across the thread boundary.
  2. The Index and IndexMut implementations do not check the array bounds.
  3. Array::new_from_template() drops uninitialized memory.
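
Each of the three issues above has a sound counterpart in Rust. The following is an added example, not code from the arr crate or from this advisory: `SafeArr` and its internals are hypothetical, and only the method name `new_from_template` is taken from the page.

```rust
use std::ops::Index;
use std::ptr::{self, NonNull};
/// Hypothetical fixed-size heap array; not the arr crate's code.
pub struct SafeArr<T> { ptr: NonNull<T>, len: usize }
// A raw-pointer field removes the auto traits. Restore them only under the
// same bounds Box<[T]> has, so Rc<_> or Cell<_> payloads stay on one thread.
unsafe impl<T: Send> Send for SafeArr<T> {}
unsafe impl<T: Sync> Sync for SafeArr<T> {}

impl<T: Clone> SafeArr<T> {
    pub fn new_from_template(len: usize, template: &T) -> Self {
        let mut v: Vec<T> = Vec::with_capacity(len);
        for i in 0..len {
            // ptr::write does not drop the destination. `*slot = value`
            // would first run T::drop on uninitialized bytes.
            unsafe {
                ptr::write(v.as_mut_ptr().add(i), template.clone());
                v.set_len(i + 1); // a panicking clone drops only written slots
            }
        }
        let raw = Box::into_raw(v.into_boxed_slice()) as *mut T;
        SafeArr { ptr: NonNull::new(raw).expect("Box pointer is non-null"), len }
    }
}

impl<T> SafeArr<T> {
    pub fn get(&self, i: usize) -> Option<&T> {
        // Bounds check before any pointer arithmetic.
        if i < self.len { Some(unsafe { &*self.ptr.as_ptr().add(i) }) } else { None }
    }
}

impl<T> Index<usize> for SafeArr<T> {
    type Output = T;
    fn index(&self, i: usize) -> &T { self.get(i).expect("SafeArr index out of bounds") }
}

impl<T> Drop for SafeArr<T> {
    fn drop(&mut self) {
        // Rebuild the Box so every element is dropped and the memory freed once.
        let slice = ptr::slice_from_raw_parts_mut(self.ptr.as_ptr(), self.len);
        unsafe { drop(Box::from_raw(slice)) };
    }
}

fn main() {
    let a = SafeArr::new_from_template(3, &String::from("x")); // constructed sample
    println!("{} {:?}", a[2], a.get(3)); // get(3) is None; a[3] would panic
}
```

With these bounds, `SafeArr<Rc<u8>>` is rejected at compile time when moved into `std::thread::spawn`, which is the check the unconditional Sync/Send implementation bypasses.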