Lucene search
GoogleOSV:GHSA-CWVC-87XQ-PC5MHistoryJan 06, 2022 - 10:08 p.m.
Out-of-bounds Write and Race Condition in metrics-util
2022-01-0622:08:43
Google
osv.dev
3
0.002 Low
EPSS
Percentile
59.7%
In the affected versions of the crate, AtomicBucket<T> unconditionally implements Send/Sync traits. Therefore, users can create a data race to the inner T: !Sync by using the AtomicBucket::data_with() API. Such data races can potentially cause memory corruption or other undefined behavior.
The flaw was fixed in commit 8e6daab by adding appropriate Send/Sync bounds to the Send/Sync impl of struct Block<T> (which is a data type contained inside AtomicBucket<T>).
| CPE | Name | Operator | Version |
|---|---|---|---|
| metrics-util | lt | 0.7.0 |
Related
prion
prion
Memory corruption
2021-12-27 00:15:00
cve
cve
CVE-2021-45704
2021-12-27 00:15:09
cvelist
cvelist
CVE-2021-45704
2021-12-26 21:48:33
rustsec
rustsec
AtomicBucket<T> unconditionally implements Send/Sync
2021-04-07 12:00:00
nvd
nvd
CVE-2021-45704
2021-12-27 00:15:09
osv
osv
AtomicBucket<T> unconditionally implements Send/Sync
2021-04-07 12:00:00
AtomicBucket<T> unconditionally implements Send/Sync
2022-06-17 00:13:03
github
github
Out-of-bounds Write and Race Condition in metrics-util
2022-01-06 22:08:43
cnvd
cnvd
Mozilla Rust Memory Corruption Vulnerability (CNVD-2022-04516)
2021-12-28 00:00:00