RUSTSEC-2020-0090

Thex allows data races of non-Send types across threads

Issued
Package
thex (crates.io)
Type
Vulnerability
Categories
  • memory-corruption
  • thread-safety
Aliases
Patched
no patched versions
Keywords
  • concurrency

Description

thex::Thex<T> implements Sync for all types T. However, it is missing a bound for T: Send.

This allows non-Send types such as Rc to be sent across thread boundaries which can trigger undefined behavior and memory corruption.

More