Design/Logic Flaw

An issue was discovered in the arr crate through 2020-08-25 for Rust. An attacker can smuggle non-Sync/Send types across a thread boundary to cause a data race...

CVE-2020-35928

An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache data race by sending types that do not implement Send/Sync...

CVE-2020-35915

An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types...

CVE-2020-35908

An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled...

CVE-2020-35915

An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types...

CVE-2020-35908

An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled...

Design/Logic Flaw

An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled...

Cross site scripting

An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types...

Sql injection

An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache data race by sending types that do not implement Send/Sync...

CVE-2020-35908

CVE-2020-35908 affects the Rust crate futures-util (before 0.3.2). The issue is an improper implementation of Sync in the FuturesUnordered structure, which used interior mutability via a Cell without proper synchronization. This can lead to data corruption when multiple threads access the interna...

CVE-2020-35908

An issue was discovered in the futures-util crate before 0.3.2 for Rust. FuturesUnordered can lead to data corruption because Sync is mishandled...

CVE-2020-35915

CVE-2020-35915 affects the Rust futures-intrusive crate prior to 0.4.0. The issue is that GenericMutexGuard can allow cross-thread data races on non-Sync types due to how the guard tracks access to the locked data, potentially enabling unsafe concurrent access. The vulnerability is documented by ...

CVE-2020-35915

An issue was discovered in the futures-intrusive crate before 0.4.0 for Rust. GenericMutexGuard allows cross-thread data races of non-Sync types...

CVE-2020-35928

Concread crate (Rust) before 0.2.6 exposes a data race in ARCache when non-Send/Sync types are used. Root cause: ARCache implementation unbound by Send/Sync, allowing unsafe concurrent access. The issue was fixed in 0.2.6 by adding K: Send + Sync and V: Send + Sync bounds to the affected Send/Syn...

Rust 竞争条件问题漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A Competition Condition Issue vulnerability exists in Rust concread crate versions prior to 0.2.6, which can be exploited by an attacker to cause data contention in ARCache by sending a type that does not...

conquer-once's OnceCell lacks Send bound for its Sync trait.

Affected versions of conquer-once implements Sync for its OnceCell type without restricting it to Sendable types. This allows non-Send but Sync types such as MutexGuard to be sent across threads leading to undefined behavior and memory corruption in concurrent programs. The issue was fixed by...

RUSTSEC-2020-0101 conquer-once's OnceCell lacks Send bound for its Sync trait.

Affected versions of conquer-once implements Sync for its OnceCell type without restricting it to Sendable types. This allows non-Send but Sync types such as MutexGuard to be sent across threads leading to undefined behavior and memory corruption in concurrent programs. The issue was fixed by...

SyncRef's clone() and debug() allow data races

Affected versions of this crate unconditionally implement Sync for SyncRef. This definition allows data races if &T is accessible through &SyncRef. SyncRef derives Clone and Debug, and the default implementations of those traits access &T by invoking T::clone & T::fmt. It is possible to create da...

RUSTSEC-2020-0152 ImmediateIO and TransactionalIO can cause data races

The ImmediateIO and TransactionalIO types implement Sync for all contained Expander types regardless of if the Expander itself is safe to use across threads. As the IO types allow retrieving the Expander, this can lead to non-thread safe types being sent across threads as part of the Expander...

RUSTSEC-2020-0127 SyncRef's clone() and debug() allow data races

Affected versions of this crate unconditionally implement Sync for SyncRef. This definition allows data races if &T is accessible through &SyncRef. SyncRef derives Clone and Debug, and the default implementations of those traits access &T by invoking T::clone & T::fmt. It is possible to create da...