Reported

October 28, 2020

Issued

January 26, 2021 (last modified: June 13, 2023)

Package

beef (crates.io)

Type

Vulnerability

Categories

• memory-corruption
• thread-safety

Aliases

• CVE-2020-36442
• GHSA-m7w4-8wp8-m2xq

References

• https://github.com/maciejhirsz/beef/issues/37

CVSS Score

8.1 HIGH

CVSS Details

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality Impact

High

Integrity Impact

High

Availability Impact

High

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Patched

• >=0.5.0

Description

Affected versions of this crate did not have a T: Sync bound in the Send impl for Cow<'_, T, U>. This allows users to create data races by making Cow contain types that are (Send && !Sync) like Cell<_> or RefCell<_>.

Such data races can lead to memory corruption.

The flaw was corrected in commit d1c7658 by adding trait bounds T: Sync and T::Owned: Send to the Send impl for Cow<'_, T, U>.

Advisory available under CC0-1.0 license.