39 matches found
EUVD-2021-1675
Malware in sbrugna...
EUVD-2021-1560
Malware in sbrugna...
CVE-2020-35928
An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache data race by sending types that do not implement Send/Sync...
CVE-2020-35915
An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types...
GHSA-36XM-35QQ-795W Inventory exposes reference to non-Sync data to an arbitrary thread
Affected versions do not enforce a Sync bound on the type of caller-provided value held in the plugin registry. References to these values are made accessible to arbitrary threads other than the one that constructed them. A caller could use this flaw to submit thread-unsafe data into inventory,...
Inventory exposes reference to non-Sync data to an arbitrary thread
Affected versions do not enforce a Sync bound on the type of caller-provided value held in the plugin registry. References to these values are made accessible to arbitrary threads other than the one that constructed them. A caller could use this flaw to submit thread-unsafe data into inventory,...
RUSTSEC-2023-0058 Exposes reference to non-Sync data to an arbitrary thread
Affected versions do not enforce a Sync bound on the type of caller-provided value held in the plugin registry. References to these values are made accessible to arbitrary threads other than the one that constructed them. A caller could use this flaw to submit thread-unsafe data into inventory,...
Singleton lacks bounds on Send and Sync.
Singleton is meant to be a static object that can be initialized lazily. In order to satisfy the requirement that static items must implement Sync, Singleton implemented both Sync and Send unconditionally. This allows for a bug where non-Sync types such as Cell can be used in singletons and cause...
GHSA-XWXC-J97J-84GF Race condition in Parc
In the affected versions of this crate, LockWeak unconditionally implemented Send with no trait bounds on T. LockWeak doesn't own T and only provides &T. This allows concurrent access to a non-Sync T, which can cause undefined behavior like data races...
GHSA-JWPH-QP5H-F9WJ Data races in bunch
An issue was discovered in the bunch crate through 2020-11-12 for Rust. Affected versions of this crate unconditionally implements Send/Sync for Bunch. This allows users to insert T: !Sync to Bunch. It is possible to create a data race to a T: !Sync by invoking the Bunch::get API which returns &T...
GHSA-9J8Q-M9X5-9G6J Data races in async-coap
An issue was discovered in the async-coap crate through 2020-12-08 for Rust. Affected versions of this crate implement Send/Sync for ArcGuard with no trait bounds on RC. This allows users to send RC: !Send to other threads and also allows users to concurrently access Rc: !Sync from multiple...
GHSA-FQQ2-XP7M-XVM8 Data race in ruspiro-singleton
Singleton is meant to be a static object that can be initialized lazily. In order to satisfy the requirement that static items must implement Sync, Singleton implemented both Sync and Send unconditionally. This allows for a bug where non-Sync types such as Cell can be used in singletons and cause...
Data races in unicycle
Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab & Unordered. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide...
Data races in lexer
lexer is a plugin based lexical reader.Affected versions of this crate implements Sync for ReaderResult with the trait bound T: Send, E: Send. Since matching on the public enum ReaderResult provides access to &T & &E, allowing data race to a non-Sync type T or E. This can result in a memory...
GHSA-29V7-3V4C-GF38 Data races in parc
In the affected versions of this crate, LockWeak unconditionally implemented Send with no trait bounds on T. LockWeak doesn't own T and only provides &T. This allows concurrent access to a non-Sync T, which can cause undefined behavior like data races...
Data races in parc
In the affected versions of this crate, LockWeak unconditionally implemented Send with no trait bounds on T. LockWeak doesn't own T and only provides &T. This allows concurrent access to a non-Sync T, which can cause undefined behavior like data races...
GHSA-RW2C-C256-3R53 Data races in hashconsing
Affected versions of hashconsing implements Send/Sync for its HConsed type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads leading to undefined behavior and memory corruption in concurrent programs...
Data races in hashconsing
Affected versions of hashconsing implements Send/Sync for its HConsed type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads leading to undefined behavior and memory corruption in concurrent programs...
CVE-2020-36203
An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption...
Reffers Crate Security Breach
Reffers Crate through 2020-12-01 for Rust A security vulnerability exists that stems from the fact that ARefss can contain a !Send,!Sync object, resulting in data contention and memory corruption...