Lucene search
GoogleOSV:GHSA-FG42-VWXX-XX5JHistoryAug 25, 2021 - 8:58 p.m.
Data race in tiny_future
2021-08-2520:58:53
Google
osv.dev
9
0.002 Low
EPSS
Percentile
61.9%
tiny_future contains a light-weight implementation of Futures. The Future type it has lacked bound on its Send and Sync traits. This allows for a bug where non-thread safe types such as Cell can be used in Futures and cause data races in concurrent programs. The flaw was corrected in commit c791919 by adding trait bounds to Future’s Send and Sync.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tiny_future | lt | 0.4.0 |
References
github.com/KizzyCode/tiny_future
github.com/KizzyCode/tiny_future-rust/commit/c7919199a0f6d1ce0e3c33499d1b37f862c990e4
github.com/KizzyCode/tiny_future/issues/1
nvd.nist.gov/vuln/detail/CVE-2020-36438
raw.githubusercontent.com/rustsec/advisory-db/main/crates/tiny_future/RUSTSEC-2020-0118.md
rustsec.org/advisories/RUSTSEC-2020-0118.html
Related
rustsec
rustsec
Future<T> lacks bounds on Send and Sync.
2020-12-08 12:00:00
osv
osv
Future<T> lacks bounds on Send and Sync.
2020-12-08 12:00:00
Data races in tiny_future
2021-08-25 21:00:32
cvelist
cvelist
CVE-2020-36438
2021-08-08 05:18:32
github
github
Data race in tiny_future
2021-08-25 20:58:53
cve
cve
CVE-2020-36438
2021-08-08 06:15:07
prion
prion
Design/Logic Flaw
2021-08-08 06:15:00
cnvd
cnvd
Mozilla Rust Buffer Overflow Vulnerability (CNVD-2021-85297)
2021-09-23 00:00:00
nvd
nvd
CVE-2020-36438
2021-08-08 06:15:07