Lucene search

K
rustsecRustsecRUSTSEC-2020-0119
HistoryNov 17, 2020 - 12:00 p.m.

ReadTicket and WriteTicket should only be sendable when T is Send

2020-11-1712:00:00
rustsec.org
11
send
readticket
writeticket
data races
memory corruption
security flaw
affected versions

EPSS

0.002

Percentile

61.8%

Affected versions of this crate unconditionally implemented Send for ReadTicket<T> & WriteTicket<T>.
This allows to send non-Send T to other threads.

This can allows creating data races by cloning types with internal mutability and sending them to other threads (as T of ReadTicket<T>/WriteTicket<T>). Such data races can cause memory corruption or other undefined behavior.

The flaw was corrected in commit a986a93 by adding T: Send bounds to Send impls of ReadTicket<T>/WriteTicket<T>.

Affected configurations

Vulners
Node
ticketed_lock_projectticketed_lockRange<0.3.0rust
VendorProductVersionCPE
ticketed_lock_projectticketed_lock*cpe:2.3:a:ticketed_lock_project:ticketed_lock:*:*:*:*:*:rust:*:*

EPSS

0.002

Percentile

61.8%

Related for RUSTSEC-2020-0119