HistoryEdit

RUSTSEC-2020-0150

RingBuffer can create multiple mutable references and cause data races

Issued
Package
disrustor (crates.io)
Type
Vulnerability
Categories
Aliases
Details
https://github.com/sklose/disrustor/issues/1
CVSS Score
5.9 MEDIUM
CVSS Details
Attack vector
Network
Attack complexity
High
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Patched
no patched versions

Description

The RingBuffer type retrieves mutable references from the DataProvider in a non-atomic manner, potentially allowing the creation of multiple mutable references. RingBuffer also implements the Send and Sync traits for all types T.

This allows undefined behavior from the aliased mutable references as well as data races.