Reported

November 24, 2020

Issued

January 24, 2021 (last modified: June 13, 2023)

Package

conqueue (crates.io)

Type

Vulnerability

Categories

• memory-corruption
• thread-safety

Aliases

• CVE-2020-36437
• GHSA-368f-29c3-4f2r

References

• https://github.com/longshorej/conqueue/issues/9

CVSS Score

8.1 HIGH

CVSS Details

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality Impact

High

Integrity Impact

High

Availability Impact

High

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Patched

• >=0.4.0

Description

Affected versions of this crate unconditionally implemented Send/Sync for QueueSender<T>, allowing to send non-Send T to other threads by invoking (&QueueSender<T>).send().

This fails to prevent users from creating data races by sending types like Rc<T> or Arc<Cell<T>> to other threads, which can lead to memory corruption.

The flaw was corrected in commit 1e462c3 by imposing T: Send to both Send/Sync impls for QueueSender<T>/QueueReceiver<T>.

Advisory available under CC0-1.0 license.