HistoryEdit

RUSTSEC-2020-0092

Send/Sync bound needed on V in impl Send/Sync for ARCache<K, V>

Reported
Issued
Package
concread (crates.io)
Type
INFO Unsound
Categories
Aliases
Details
https://github.com/kanidm/concread/issues/48
CVSS Score
4.7 MEDIUM
CVSS Details
Attack vector
Local
Attack complexity
High
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Patched
  • >=0.2.6

Description

Affected versions of this crate unconditionally implemented Send/Sync traits for ARCache<K, V> type.

This allows users to send/access types that do not implement Send/Sync, which can cause a data race.

The flaw was corrected in the 0.2.6 release by adding bounds K: Send + Sync & V: Send + Sync to affected Send/Sync trait implementations.