- Reported
-
- Issued
-
- Package
-
appendix
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Aliases
-
- References
-
- CVSS Score
- 5.9
MEDIUM
- CVSS Details
-
- Attack vector
- Network
- Attack complexity
- High
- Privileges required
- None
- User interaction
- None
- Scope
- Unchanged
- Confidentiality
- None
- Integrity
- None
- Availability
- High
- CVSS Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
- Patched
-
no patched versions
Description
The appendix
crate implements a key-value mapping data structure called
Index<K, V>
that is stored on disk. The crate allows for any type to inhabit
the generic K
and V
type parameters and implements Send and Sync for them
unconditionally.
Using a type that is not marked as Send
or Sync
with Index
can allow it
to be used across multiple threads leading to data races. Additionally using
reference types for the keys or values will lead to the segmentation faults
in the crate's code.
Advisory available under CC0-1.0
license.