- Issued
-
- Package
-
arr
(crates.io)
- Type
-
Vulnerability
- Categories
-
- memory-corruption
- thread-safety
- Aliases
-
- Details
-
https://github.com/sjep/array/issues/1
- Patched
-
no patched versions
Description
arr crate contains multiple security issues. Specifically,
- It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary.
Index and IndexMut implementation does not check the array bound.Array::new_from_template() drops uninitialized memory.
More