Reported

October 31, 2020

Issued

January 20, 2021 (last modified: June 13, 2023)

Package

atomic-option (crates.io)

Type

Vulnerability

Categories

• memory-corruption
• thread-safety

Aliases

• CVE-2020-36219
• GHSA-8gf5-q9p9-wvmc

References

• https://github.com/reem/rust-atomic-option/issues/4

CVSS Score

5.9 MEDIUM

CVSS Details

Attack vector

Network

Attack complexity

High

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Patched

no patched versions

Description

In the affected versions of this crate, AtomicOption<T> unconditionally implements Sync.

This allows programmers to move non-Sync types across thread boundaries (e.g. Rc<T>, Arc<Cell<T>>), which can lead to data races and undefined behavior. It is also possible to send non-Send types like std::sync::MutexGuard to other threads, which can lead to undefined behavior.

Advisory available under CC0-1.0 license.