Multiple security issues including data race, buffer overflow, and uninitialized memory drop

ID RUSTSEC-2020-0034
Type rustsec
Reporter rustsec
Modified 2021-01-31T04:02:50


arr crate contains multiple security issues. Specifically,

  1. It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary.
  2. Index and IndexMut implementation does not check the array bound.
  3. Array::new_from_template() drops uninitialized memory.