Issued

December 18, 2020

Package

kekbit (crates.io)

Type

Vulnerability

Categories

• memory-corruption
• thread-safety

Aliases

• CVE-2020-36449

Details

https://github.com/motoras/kekbit/issues/34

CVSS

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Patched

• >=0.3.4

Description

Affected versions of this crate implement Send for ShmWriter<H> without requiring H: Send. This allows users to send H: !Send to other threads, which can potentially lead to data races and undefined behavior.

More

• Advisory History
• Edit Advisory