Lucene search
K

39 matches found

NVD
NVD
added 2020/12/31 10:15 a.m.11 views

CVE-2020-35886

An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race...

4.7CVSS4.7AI score0.00192EPSS
Exploits0References1
OSV
OSV
added 2020/12/31 10:15 a.m.24 views

CVE-2020-35886

An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race...

4.7CVSS6.7AI score0.01515EPSS
Exploits0References1
Prion
Prion
added 2020/12/31 10:15 a.m.14 views

Design/Logic Flaw

An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race...

1.9CVSS4.8AI score0.00192EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/12/31 9:15 a.m.4 views

CVE-2020-35915

An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types...

5.5CVSS6.1AI score0.00374EPSS
Exploits1References1
NVD
NVD
added 2020/12/31 9:15 a.m.47 views

CVE-2020-35915

An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types...

5.5CVSS5.5AI score0.00374EPSS
Exploits1References1
Prion
Prion
added 2020/12/31 9:15 a.m.23 views

Cross site scripting

An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types...

2.1CVSS5.5AI score0.00374EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/12/31 9:15 a.m.15 views

Sql injection

An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache data race by sending types that do not implement Send/Sync...

1.9CVSS4.8AI score0.00242EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/12/31 8:18 a.m.44 views

CVE-2020-35915

An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types...

5.5AI score0.00374EPSS
Exploits1References1
CVE
CVE
added 2020/12/31 8:18 a.m.54 views

CVE-2020-35915

CVE-2020-35915 affects the Rust futures-intrusive crate prior to 0.4.0. The issue is that GenericMutexGuard can allow cross-thread data races on non-Sync types due to how the guard tracks access to the locked data, potentially enabling unsafe concurrent access. The vulnerability is documented by ...

5.5CVSS5.4AI score0.00374EPSS
Exploits1References1Affected Software1
RustSec
RustSec
added 2020/12/18 12:0 p.m.16 views

ButtplugFutureStateShared allows data race to (!Send|!Sync) objects

ButtplugFutureStateShared implements Send & Sync regardless of T. If T: !Send for ButtplugFutureStateShared, it is possible to move non-Send types across thread boundaries e.g. T=Rc and lead to undefined behavior. If T: !Sync for ButtplugFutureStateShared, it is possible to cause data race to T...

5.9CVSS1.5AI score0.01107EPSS
Exploits1Affected Software1
OSV
OSV
added 2020/11/14 12:0 p.m.35 views

RUSTSEC-2020-0134 `LockWeak<T>` allows to create data race to `T`.

In the affected versions of this crate, LockWeak unconditionally implemented Send with no trait bounds on T. LockWeak doesn't own T and only provides &T. This allows concurrent access to a non-Sync T, which can cause undefined behavior like data races...

8.1CVSS7.9AI score0.00833EPSS
Exploits1References3
RustSec
RustSec
added 2020/11/14 12:0 p.m.22 views

`LockWeak<T>` allows to create data race to `T`.

In the affected versions of this crate, LockWeak unconditionally implemented Send with no trait bounds on T. LockWeak doesn't own T and only provides &T. This allows concurrent access to a non-Sync T, which can cause undefined behavior like data races...

8.1CVSS4.8AI score0.00833EPSS
Exploits1
RustSec
RustSec
added 2020/11/12 12:0 p.m.25 views

Bunch<T> unconditionally implements Send/Sync

Affected versions of this crate unconditionally implements Send/Sync for Bunch. This allows users to insert T: !Sync to Bunch. It is possible to create a data race to a T: !Sync by invoking the Bunch::get API which returns &T from multiple threads. It is also possible to send T: !Send to other...

8.1CVSS3.7AI score0.01249EPSS
Exploits1
OSV
OSV
added 2020/11/10 12:0 p.m.48 views

RUSTSEC-2020-0137 AtomicBox<T> lacks bound on its Send and Sync traits allowing data races

AtomicBox is a Box type designed to be used across threads, however, it implements the Send and Sync traits for all types T. This allows non-Send types such as Rc and non-Sync types such as Cell to be used across thread boundaries which can trigger undefined behavior and memory corruption...

8.1CVSS7.9AI score0.0124EPSS
Exploits1References3
OSV
OSV
added 2020/11/10 12:0 p.m.33 views

RUSTSEC-2020-0111 may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

Affected versions of mayqueue implements Send/Sync for its Queue type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads leading to undefined behavior and memory corruption in concurrent programs...

5.9CVSS5.8AI score0.01112EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2020/11/10 12:0 a.m.7 views

PT-2020-17638 · Rust · Lever

Name of the Vulnerable Software and Affected Versions: lever crate versions prior to 0.1.1 Description: The issue concerns the implementation of the Send and Sync traits for all types T by AtomicBox, which is designed for use across threads. This implementation allows non-Send types, such as Rc,...

8.1CVSS7.9AI score0.0124EPSS
Exploits1References10
OSV
OSV
added 2020/10/31 12:0 p.m.27 views

RUSTSEC-2020-0113 AtomicOption should have Send + Sync bound on its type argument.

In the affected versions of this crate, AtomicOption unconditionally implements Sync. This allows programmers to move non-Sync types across thread boundaries e.g. Rc, Arc, which can lead to data races and undefined behavior. It is also possible to send non-Send types like std::sync::MutexGuard to...

5.9CVSS5.6AI score0.01107EPSS
Exploits1References3
OSV
OSV
added 2020/10/31 12:0 p.m.57 views

RUSTSEC-2020-0072 GenericMutexGuard allows data races of non-Sync types across threads

GenericMutexGuard was given the Sync auto trait as long as T is Send due to its contained members. However, since the guard is supposed to represent an acquired lock and allows concurrent access to the underlying data from different threads, it should only be Sync when the underlying data is. Thi...

5.5CVSS5.3AI score0.00374EPSS
Exploits1References3
RustSec
RustSec
added 2020/10/31 12:0 p.m.21 views

GenericMutexGuard allows data races of non-Sync types across threads

GenericMutexGuard was given the Sync auto trait as long as T is Send due to its contained members. However, since the guard is supposed to represent an acquired lock and allows concurrent access to the underlying data from different threads, it should only be Sync when the underlying data is. Thi...

5.5CVSS1.8AI score0.00374EPSS
Exploits1Affected Software1
Rows per page
Query Builder