Reported

December 22, 2020

Issued

January 21, 2021 (last modified: June 13, 2023)

Package

va-ts (crates.io)

Type

Vulnerability

Categories

• memory-corruption
• thread-safety

Aliases

• CVE-2020-36220
• GHSA-3hj2-hh36-hv9v

References

• https://github.com/video-audio/va-ts/issues/4

CVSS Score

5.9 MEDIUM

CVSS Details

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality Impact

None

Integrity Impact

None

Availability Impact

High

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Patched

• >=0.0.4

Description

In the affected versions of this crate, Demuxer<T> unconditionally implemented Send with no trait bounds on T.

This allows sending a non-Send type T across thread boundaries, which can cause undefined behavior like unlocking a mutex from a thread that didn't lock the mutex, or memory corruption from data race.

The flaw was corrected in commit 0562cbf by adding a T: Send bound to the Send impl for Demuxer<T>.

Advisory available under CC0-1.0 license.