EUVD-2021-1547

Malware in sbrugna...

CVE-2020-36208

An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption...

Data races in conquer-once

Affected versions of conquer-once implements Sync for its OnceCell type without restricting it to Sendable types. This allows non-Send but Sync types such as MutexGuard to be sent across threads leading to undefined behavior and memory corruption in concurrent programs. The issue was fixed by...

bootloader (>=0.10.0 <=0.10.13), libertyos_kernel (>=0.14.0 <=0.17.5) +1 more potentially affected by CVE-2020-36208 via conquer-once (=0.2.1)

conquer-once CARGO version =0.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on conquer-once and may be impacted: - bootloader =0.10.0, =0.14.0, =0.1.0, =0.2.6 Source cves: CVE-2020-36208 Source advisory: OSV:GHSA-3JC5-5HC5-33GJ...

GHSA-3JC5-5HC5-33GJ Data races in conquer-once

Affected versions of conquer-once implements Sync for its OnceCell type without restricting it to Sendable types. This allows non-Send but Sync types such as MutexGuard to be sent across threads leading to undefined behavior and memory corruption in concurrent programs. The issue was fixed by...

CVE-2020-36208

An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption...

CVE-2020-36208

An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption...

Memory corruption

An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption...

CVE-2020-36208

An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption...

CVE-2020-36208

The CVE-2020-36208 issue affects the conquer-once crate for Rust (pre-0.3.2). It allows a thread crossing to occur for a non-Send but Sync type (notably types like MutexGuard via OnceCell), which can lead to memory corruption. The root cause is an implementation detail where OnceCell’s Sync bound...

bootloader (>=0.10.0 <=0.10.13), libertyos_kernel (>=0.14.0 <=0.17.5) +1 more potentially affected by CVE-2020-36208 via conquer-once (=0.2.1)

conquer-once CARGO version =0.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on conquer-once and may be impacted: - bootloader =0.10.0, =0.14.0, =0.1.0, =0.2.6 Source cves: CVE-2020-36208 Source advisory: OSV:RUSTSEC-2020-0101...

RUSTSEC-2020-0101 conquer-once's OnceCell lacks Send bound for its Sync trait.

Affected versions of conquer-once implements Sync for its OnceCell type without restricting it to Sendable types. This allows non-Send but Sync types such as MutexGuard to be sent across threads leading to undefined behavior and memory corruption in concurrent programs. The issue was fixed by...

conquer-once's OnceCell lacks Send bound for its Sync trait.

Affected versions of conquer-once implements Sync for its OnceCell type without restricting it to Sendable types. This allows non-Send but Sync types such as MutexGuard to be sent across threads leading to undefined behavior and memory corruption in concurrent programs. The issue was fixed by...

RUSTSEC-2019-0031 spin is no longer actively maintained

The author of the spin crate does not have time or interest to maintain it. Consider the following alternatives all of which support nostd: - conquer-once - lockapi a subproject of parkinglot - spinningtop spinlock crate built on lockapi - spinning...

spin is no longer actively maintained

The author of the spin crate does not have time or interest to maintain it. Consider the following alternatives all of which support nostd: - conquer-once - lockapi a subproject of parkinglot - spinningtop spinlock crate built on lockapi - spinning...