Reported

September 21, 2020

Issued

October 1, 2020 (last modified: June 13, 2023)

Package

atom (crates.io)

Type

INFO Unsound

Categories

• thread-safety

Aliases

• CVE-2020-35897
• GHSA-9cg2-2j2h-59v9

References

• https://github.com/slide-rs/atom/issues/13

CVSS Score

4.7 MEDIUM

CVSS Details

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality Impact

None

Integrity Impact

None

Availability Impact

High

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Patched

• >=0.3.6

Description

The atom crate contains a security issue revolving around its implementation of the Send trait. It incorrectly allows any arbitrary type to be sent across threads potentially leading to use-after-free issues through memory races.

Advisory available under CC0-1.0 license.