Lucene search
RustsecRUSTSEC-2020-0122HistoryOct 28, 2020 - 12:00 p.m.
beef::Cow lacks a Sync bound on its Send trait allowing for data races
2020-10-2812:00:00
rustsec.org
10
security vulnerability
data races
memory corruption
software flaw
commit d1c7658
EPSS
0.002
Percentile
61.8%
Affected versions of this crate did not have a T: Sync bound in the Send impl for Cow<'_, T, U>. This allows users to create data races by making Cow contain types that are (Send && !Sync) like Cell<_> or RefCell<_>.
Such data races can lead to memory corruption.
The flaw was corrected in commit d1c7658 by adding trait bounds T: Sync and T::Owned: Send to the Send impl for Cow<'_, T, U>.
Related
github
github
Data races in beef
2021-08-25 20:59:08
cvelist
cvelist
CVE-2020-36442
2021-08-08 05:17:36
osv
osv
Data races in beef
2021-08-25 20:59:08
beef::Cow lacks a Sync bound on its Send trait allowing for data races
2020-10-28 12:00:00
prion
prion
Design/Logic Flaw
2021-08-08 06:15:00
cve
cve
CVE-2020-36442
2021-08-08 06:15:07
nvd
nvd
CVE-2020-36442
2021-08-08 06:15:07