RUSTSEC-2020-0150

RingBuffer can create multiple mutable references and cause data races

Reported
Issued
Package: disrustor (crates.io)
Type: Vulnerability
Categories
Aliases
References
CVSS Score: 5.9 MEDIUM
CVSS Details
  • Attack vector: Network
  • Attack complexity: High
  • Privileges required: None
  • User interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Patched
  • >=0.3

Description

The RingBuffer type retrieves mutable references from the DataProvider in a non-atomic manner, potentially allowing the creation of multiple mutable references. RingBuffer also implements the Send and Sync traits for all types T.

This allows undefined behavior from the aliased mutable references as well as data races.
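
The two defects named above (unbounded `Send`/`Sync` impls and a non-atomic slot claim), shown beside one sound alternative. This is an added example, not code from disrustor or its patch; `Ring`, `publish`, `into_vec` and `demo` are hypothetical names, and the unsound forms appear only as comments.

```rust
use std::cell::UnsafeCell;
use std::sync::atomic::{AtomicUsize, Ordering::Relaxed};

// Hypothetical ring for illustration; not disrustor's RingBuffer.
pub struct Ring<T> {
    slots: Box<[UnsafeCell<Option<T>>]>,
    next: AtomicUsize, // index of the next unclaimed slot
}

// Unsound form (commented out): with no bound on T, a Ring<Rc<_>> could be
// shared across threads:  unsafe impl<T> Sync for Ring<T> {}
// Bounded form: &Ring<T> only moves T values in, so T: Send is required.
unsafe impl<T: Send> Send for Ring<T> {}
unsafe impl<T: Send> Sync for Ring<T> {}

impl<T> Ring<T> {
    pub fn new(capacity: usize) -> Self {
        let slots = (0..capacity).map(|_| UnsafeCell::new(None)).collect();
        Ring { slots, next: AtomicUsize::new(0) }
    }
    /// Claims one slot and writes `value` into it; `Err(value)` when full.
    pub fn publish(&self, value: T) -> Result<usize, T> {
        let len = self.slots.len();
        // Racy alternative: `load` then `store(idx + 1)` lets two threads read the
        // same idx and alias one slot. One atomic update gives distinct indices.
        let claim = self.next.fetch_update(Relaxed, Relaxed, |n| if n < len { Some(n + 1) } else { None });
        let idx = match claim { Ok(i) => i, Err(_) => return Err(value) };
        // SAFETY: idx is in bounds and was handed to this call only.
        unsafe { *self.slots[idx].get() = Some(value) };
        Ok(idx)
    }
    /// Reading takes `self` by value, so no writer can still hold a slot.
    pub fn into_vec(self) -> Vec<T> {
        self.slots.into_vec().into_iter().filter_map(UnsafeCell::into_inner).collect()
    }
}

/// Fills a ring from `threads` writers; returns the stored values, sorted.
pub fn demo(threads: usize, per_thread: usize) -> Vec<usize> {
    let ring: Ring<usize> = Ring::new(threads * per_thread);
    std::thread::scope(|s| for t in 0..threads {
        let ring = &ring; // sharing &Ring across threads relies on the Sync impl
        s.spawn(move || for i in 0..per_thread { ring.publish(t * per_thread + i).unwrap(); });
    });
    let mut out = ring.into_vec();
    out.sort();
    out
}
fn main() { println!("{} values stored", demo(4, 1000).len()); }
```

With the bounded impls, an attempt to share a `Ring<Rc<u8>>` across threads is rejected at compile time instead of compiling into a data race.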

Advisory available under CC0-1.0 license.