may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

Affected versions of mayqueue implements Send/Sync for its Queue type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads leading to undefined behavior and memory corruption in concurrent programs...

hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

Affected versions of hashconsing implements Send/Sync for its HConsed type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads leading to undefined behavior and memory corruption in concurrent programs...

`Shared` can cause a data race

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust. Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and...

ReaderResult should be bounded by Sync

Affected versions of this crate implements Sync for ReaderResult with the trait bound T: Send, E: Send. Since matching on the public enum ReaderResult provides access to &T & &E, allowing data race to a non-Sync type T or E. This can result in a memory corruption when multiple threads concurrentl...

RUSTSEC-2020-0107 hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

Affected versions of hashconsing implements Send/Sync for its HConsed type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads leading to undefined behavior and memory corruption in concurrent programs...

RUSTSEC-2020-0102 LateStatic has incorrect Sync bound

Affected versions of this crate implemented Sync for LateStatic with T: Send, so that it is possible to create a data race to a type T: Send + !Sync e.g. Cell. This can result in a memory corruption or other kinds of undefined behavior. The flaw was corrected in commit 11f396c by replacing the T:...

AtomicBox<T> lacks bound on its Send and Sync traits allowing data races

AtomicBox is a Box type designed to be used across threads, however, it implements the Send and Sync traits for all types T. This allows non-Send types such as Rc and non-Sync types such as Cell to be used across thread boundaries which can trigger undefined behavior and memory corruption...

LateStatic has incorrect Sync bound

Affected versions of this crate implemented Sync for LateStatic with T: Send, so that it is possible to create a data race to a type T: Send + !Sync e.g. Cell. This can result in a memory corruption or other kinds of undefined behavior. The flaw was corrected in commit 11f396c by replacing the T:...

RUSTSEC-2020-0111 may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

Affected versions of mayqueue implements Send/Sync for its Queue type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads leading to undefined behavior and memory corruption in concurrent programs...

AtomicBox<T> implements Send/Sync for any `T: Sized`

Affected versions of this crate implements Send/Sync for AtomicBox without requiring T: Send/T: Sync. This allows to create data races to T: !Sync and send T: !Send to another thread. Such behavior breaks the compile-time thread safety guarantees of Rust, and allows users to incur undefined...

PT-2020-17638 · Rust · Lever

Name of the Vulnerable Software and Affected Versions: lever crate versions prior to 0.1.1 Description: The issue concerns the implementation of the Send and Sync traits for all types T by AtomicBox, which is designed for use across threads. This implementation allows non-Send types, such as Rc,...

appian-locust (>=0.0.2 <=1.7.0), exact-sync (>=0.0.39 <=0.0.40) +2 more potentially affected by CVE-2020-28364 via locust (>=1.0.0 <=1.1.0)

locust PYPI version =1.0.0, =0.0.2, =0.0.39, =0.0.29, =0.4.0, =0.5.0 Source cves: CVE-2020-28364 Source advisory: OSV:PYSEC-2020-60...

RUSTSEC-2020-0096 TreeFocus lacks bounds on its Send and Sync traits

Affected versions of im contains TreeFocus that unconditionally implements Send and Sync. This allows a data race in safe Rust code if TreeFocus is extracted from Focus type. Typical users that only use Focus type are not affected...

TreeFocus lacks bounds on its Send and Sync traits

Affected versions of im contains TreeFocus that unconditionally implements Send and Sync. This allows a data race in safe Rust code if TreeFocus is extracted from Focus type. Typical users that only use Focus type are not affected...

RUSTSEC-2020-0070 Some lock_api lock guard objects can cause data races

Affected versions of lockapi had unsound implementations of the Send or Sync traits for some guard objects, namely: MappedMutexGuard MappedRwLockReadGuard MappedRwLockWriteGuard RwLockReadGuard RwLockWriteGuard These guards could allow data races through types that are not safe to Send across...

Some lock_api lock guard objects can cause data races

Affected versions of lockapi had unsound implementations of the Send or Sync traits for some guard objects, namely: MappedMutexGuard MappedRwLockReadGuard MappedRwLockWriteGuard RwLockReadGuard RwLockWriteGuard These guards could allow data races through types that are not safe to Send across...

kernel: sync of excessive duration via an XFS v5 image with crafted metadata

A flaw was discovered in the XFS source in the Linux kernel. This flaw allows an attacker with the ability to mount an XFS filesystem, to trigger a denial of service while attempting to sync a file located on an XFS v5 image with crafted metadata...

RUSTSEC-2020-0113 AtomicOption should have Send + Sync bound on its type argument.

In the affected versions of this crate, AtomicOption unconditionally implements Sync. This allows programmers to move non-Sync types across thread boundaries e.g. Rc, Arc, which can lead to data races and undefined behavior. It is also possible to send non-Send types like std::sync::MutexGuard to...

RUSTSEC-2020-0072 GenericMutexGuard allows data races of non-Sync types across threads

GenericMutexGuard was given the Sync auto trait as long as T is Send due to its contained members. However, since the guard is supposed to represent an acquired lock and allows concurrent access to the underlying data from different threads, it should only be Sync when the underlying data is. Thi...

AtomicOption should have Send + Sync bound on its type argument.

In the affected versions of this crate, AtomicOption unconditionally implements Sync. This allows programmers to move non-Sync types across thread boundaries e.g. Rc, Arc, which can lead to data races and undefined behavior. It is also possible to send non-Send types like std::sync::MutexGuard to...