Reported

November 24, 2020

Issued

January 30, 2021 (last modified: June 13, 2023)

Package

convec (crates.io)

Type

Vulnerability

Categories

• memory-corruption
• thread-safety

Aliases

• CVE-2020-36445
• GHSA-rpxm-vmr7-5f5f

References

• https://github.com/krl/convec/issues/2

CVSS Score

8.1 HIGH

CVSS Details

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality Impact

High

Integrity Impact

High

Availability Impact

High

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Patched

no patched versions

Description

Affected versions of this crate unconditionally implement Send/Sync for ConVec<T>. This allows users to insert T that is not Send or not Sync.

This allows users to create data races by using non-Send types like Arc<Cell<_>> or Rc<_> as T in ConVec<T>. It is also possible to create data races by using types like Cell<_> or RefCell<_> as T (types that are Send but not Sync). Such data races can lead to memory corruption.

Advisory available under CC0-1.0 license.