RUSTSEC-2020-0148

Multiple soundness issues in Ptr

Issued
Package: cgc (crates.io)
Type: Vulnerability
Categories
Keywords: #memory-safety #aliasing #concurrency
Aliases
Details: https://github.com/playXE/cgc/issues/5
CVSS Score: 5.9 MEDIUM
CVSS Details:
  Attack vector: Network
  Attack complexity: High
  Privileges required: None
  User interaction: None
  Scope: Unchanged
  Confidentiality: None
  Integrity: None
  Availability: High
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Patched: no patched versions

Description

Affected versions of this crate have the following issues:

  1. Ptr implements Send and Sync for all types, which can lead to data races when non-thread-safe types are sent across threads.

  2. Ptr::get violates Rust's mutable aliasing rules by returning multiple mutable references to the same object.

  3. Ptr::write uses non-atomic writes to the underlying pointer. This means that when used across threads it can lead to data races.
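
The three issues above, as an added example that is not code from cgc or from this advisory: a hypothetical UnsoundPtr models the reported shapes, next to a SoundPtr that bounds Send/Sync on T, ties a mutable reference to exclusive access to the handle, and routes cross-thread writes through an atomic. All type and function names here are assumptions made for illustration.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;
use std::thread;

// Hypothetical model of the unsound shape described above (not cgc's source).
#[allow(dead_code)]
pub struct UnsoundPtr<T>(*mut T);
// Issue 1: no bound on T, so Rc<_> or Cell<_> payloads can cross threads.
unsafe impl<T> Send for UnsoundPtr<T> {}
unsafe impl<T> Sync for UnsoundPtr<T> {}
#[allow(dead_code)]
impl<T> UnsoundPtr<T> {
    // Issue 2: `&self` in, `&mut T` out; two calls give aliasing `&mut T`.
    pub fn get(&self) -> &mut T { unsafe { &mut *self.0 } }
    // Issue 3: plain store through a shared handle; a data race once Sync.
    pub fn write(&self, v: T) { unsafe { *self.0 = v } }
}

// Hardened shape: an owning pointer with the same auto-trait rules as Box<T>.
pub struct SoundPtr<T>(*mut T);
unsafe impl<T: Send> Send for SoundPtr<T> {}
unsafe impl<T: Sync> Sync for SoundPtr<T> {}
impl<T> SoundPtr<T> {
    pub fn new(v: T) -> Self { SoundPtr(Box::into_raw(Box::new(v))) }
    pub fn get(&self) -> &T { unsafe { &*self.0 } }
    // An exclusive borrow of the handle is required to obtain `&mut T`.
    pub fn get_mut(&mut self) -> &mut T { unsafe { &mut *self.0 } }
}
impl<T> Drop for SoundPtr<T> {
    fn drop(&mut self) { unsafe { drop(Box::from_raw(self.0)) } }
}

// Shared cross-thread mutation goes through an atomic, not a raw store.
pub fn count_across_threads(threads: usize, iters: usize) -> usize {
    let p = Arc::new(SoundPtr::new(AtomicUsize::new(0)));
    let handles: Vec<_> = (0..threads).map(|_| {
        let p = Arc::clone(&p);
        thread::spawn(move || for _ in 0..iters { p.get().fetch_add(1, Ordering::Relaxed); })
    }).collect();
    for h in handles { h.join().unwrap(); }
    p.get().load(Ordering::Relaxed)
}

fn main() {
    println!("{}", count_across_threads(4, 1000));
}
```

With the bounded impls, moving a SoundPtr holding an Rc into thread::spawn is rejected at compile time, and a second get_mut while the first borrow is live is rejected by the borrow checker.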