HistoryEdit

RUSTSEC-2020-0044

Unsafe Send implementation in Atom allows data races

Reported
Issued
Package
atom (crates.io)
Type
INFO Unsound
Categories
Aliases
Details
https://github.com/slide-rs/atom/issues/13
CVSS Score
4.7 MEDIUM
CVSS Details
Attack vector
Local
Attack complexity
High
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Patched
  • >=0.3.6

Description

The atom crate contains a security issue revolving around its implementation of the Send trait. It incorrectly allows any arbitrary type to be sent across threads potentially leading to use-after-free issues through memory races.