HistoryEdit

RUSTSEC-2021-0113

AtomicBucket unconditionally implements Send/Sync

Issued
Package
metrics-util (crates.io)
Type
Vulnerability
Categories
Details
https://github.com/metrics-rs/metrics/issues/190
Patched
  • >=0.7.0

Description

In the affected versions of the crate, AtomicBucket<T> unconditionally implements Send/Sync traits. Therefore, users can create a data race to the inner T: !Sync by using the AtomicBucket::data_with() API. Such data races can potentially cause memory corruption or other undefined behavior.

The flaw was fixed in commit 8e6daab by adding appropriate Send/Sync bounds to the Send/Sync impl of struct Block<T> (which is a data type contained inside AtomicBucket<T>).