GitHub Advisory DatabaseGHSA-FQQ2-XP7M-XVM8Data race in ruspiro-singleton
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
61.8%
Singleton<T> is meant to be a static object that can be initialized lazily. In
order to satisfy the requirement that static items must implement Sync,
Singleton implemented both Sync and Send unconditionally.
This allows for a bug where non-Sync types such as Cell can be used in
singletons and cause data races in concurrent programs.
The flaw was corrected in commit b0d2bd20e by adding trait bounds, requiring
the contaiend type to implement Sync.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ruspiro-singleton_project | ruspiro-singleton | * | cpe:2.3:a:ruspiro-singleton_project:ruspiro-singleton:*:*:*:*:*:rust:*:* |
References
github.com/advisories/GHSA-fqq2-xp7m-xvm8
github.com/RusPiRo/ruspiro-singleton/commit/b0d2bd20eb40b9cbc2958b981ba2dcd9e6f9396e
github.com/RusPiRo/ruspiro-singleton/issues/10
github.com/RusPiRo/ruspiro-singleton/pull/11
nvd.nist.gov/vuln/detail/CVE-2020-36435
raw.githubusercontent.com/rustsec/advisory-db/main/crates/ruspiro-singleton/RUSTSEC-2020-0115.md
rustsec.org/advisories/RUSTSEC-2020-0115.html
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
61.8%