CVE-2020-36207

An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur...

CVE-2020-36207

CVE-2020-36207 affects the Rust crate name‑sake “aovec” (Aovec). The root cause is that Aovec does not impose bounds on its Send/Sync traits, which can enable data races and memory corruption when values are used across threads. The vulnerability is documented in multiple sources (e.g., RustSec a...

CVE-2020-36208

An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption...

CVE-2020-36208

The CVE-2020-36208 issue affects the conquer-once crate for Rust (pre-0.3.2). It allows a thread crossing to occur for a non-Send but Sync type (notably types like MutexGuard via OnceCell), which can lead to memory corruption. The root cause is an implementation detail where OnceCell’s Sync bound...

CVE-2020-36209

CVE-2020-36209 concerns the late-static crate (pre-0.4.0) for Rust. The issue arises because Sync is implemented for LateStatic with T: Send, enabling a data race on a type that is Send but not Sync (e.g., Cell). This can lead to memory corruption or undefined behavior as described in multiple so...

CVE-2020-36209

An issue was discovered in the late-static crate before 0.4.0 for Rust. Because Sync is implemented for LateStatic with T: Send, a data race can occur...

CVE-2020-36210

An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption...

CVE-2020-36210

The CVE-2020-36210 entry corresponds to a concrete issue in the Rust crate autorand prior to version 0.2.3. The vulnerability arises because of how impl Random is implemented for arrays: on panic, uninitialized memory could be dropped, potentially causing memory corruption. Public advisories (e.g...

CVE-2020-36211

An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur...

CVE-2020-36211

CVE-2020-36211 affects the Rust gfwx crate (pre-0.3.0). The issue is that ImageChunkMut does not have bounds on its Send or Sync traits, allowing data races and memory corruption. Remediation documented in RUSTSEC-2020-0104 and related advisories shows the fix: add T: Send to the Send implementat...

CVE-2020-36212

CVE-2020-36212 affects the Rust abi_stable crate (pre-0.9.1). The vulnerability arises from DrainFilter not being sound due to a double drop, leading to potential unsoundness in the crate. The CVE is documented across multiple data sources (NVD, Red Hat, OSV, GHSA) with consistent description; re...

CVE-2020-36213

An issue was discovered in the abistable crate before 0.9.1 for Rust. A retain call can create an invalid UTF-8 string, violating soundness...

CVE-2020-36213

The CVE-2020-36213 issue affects the abi_stable crate for Rust prior to 0.9.1. A retain call can produce an invalid UTF-8 string, violating soundness and potentially undermining memory-safety guarantees. Documented impact centers on Rust crate soundness rather than explicit exploit paths in the p...

CVE-2020-36214

The CVE-2020-36214 entry concerns the Rust crate multiqueue2 (pre-0.1.7). The root cause is that a non-Send type could be sent to another thread, enabling a data race. Reported in multiple sources (Red Hat, GHSA, OSV/RustSec) and linked advisories confirm the flaw existed across affected versions...

CVE-2020-36214

An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust. Because a non-Send type can be sent to a different thread, a data race can occur...

CVE-2020-36215

The CVE-2020-36215 issue affects the Rust crate hashconsing (pre-1.1.0). HConsed lacks bounds for Send/Sync, allowing non-Sync types (e.g., Cell) to be shared across threads, which can cause memory corruption. Affected versions are hashconsing before 1.1.0. remediation is to upgrade to 1.1.0 or l...

CVE-2020-36215

An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur...

CVE-2020-36216

CVE-2020-36216 concerns the Rust crate eventio (Input before 0.5.1). A non-Send type could be sent to another thread, enabling a data race and memory corruption. The issue is documented across multiple sources (RustSec/RUSTSEC-2020-0108, GHSA-69VJ-XX27-G45W, Red Hat/CVE references). The root caus...

CVE-2020-36216

An issue was discovered in Input in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur...

CVE-2020-36217

An issue was discovered in the mayqueue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur...