Reported

November 17, 2020

Issued

January 25, 2021 (last modified: June 13, 2023)

Package

ticketed_lock (crates.io)

Type

Vulnerability

Categories

• memory-corruption
• thread-safety

Aliases

• CVE-2020-36439
• GHSA-77m6-x95j-75r5
• GHSA-gq4h-f254-7cw9

References

• https://github.com/kvark/ticketed_lock/issues/7

CVSS Score

8.1 HIGH

CVSS Details

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality Impact

High

Integrity Impact

High

Availability Impact

High

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Patched

• >=0.3.0

Description

Affected versions of this crate unconditionally implemented Send for ReadTicket<T> & WriteTicket<T>. This allows to send non-Send T to other threads.

This can allows creating data races by cloning types with internal mutability and sending them to other threads (as T of ReadTicket<T>/WriteTicket<T>). Such data races can cause memory corruption or other undefined behavior.

The flaw was corrected in commit a986a93 by adding T: Send bounds to Send impls of ReadTicket<T>/WriteTicket<T>.

Advisory available under CC0-1.0 license.