RUSTSEC-2020-0137

AtomicBox lacks bound on its Send and Sync traits allowing data races

Issued
Package
lever (crates.io)
Type
Vulnerability
Categories
  • memory-corruption
  • thread-safety
Details
https://github.com/vertexclique/lever/issues/15
Patched
  • >=0.1.1
Keywords
  • concurrency

Description

AtomicBox<T> is a Box type designed to be used across threads, however, it implements the Send and Sync traits for all types T.

This allows non-Send types such as Rc and non-Sync types such as Cell to be used across thread boundaries which can trigger undefined behavior and memory corruption.

More