CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RustSec•added 2020/11/14 12:0 p.m.•20 views

`LockWeak<T>` allows to create data race to `T`.

In the affected versions of this crate, LockWeak unconditionally implemented Send with no trait bounds on T. LockWeak doesn't own T and only provides &T. This allows concurrent access to a non-Sync T, which can cause undefined behavior like data races...

8.1CVSS4.8AI score0.00833EPSS

OSV•added 2020/11/14 12:0 p.m.•17 views

RUSTSEC-2020-0134 `LockWeak<T>` allows to create data race to `T`.

8.1CVSS7.9AI score0.00833EPSS

RustSec•added 2020/11/13 12:0 p.m.•16 views

Send/Sync bound needed on V in `impl Send/Sync for ARCache<K, V>`

Affected versions of this crate unconditionally implemented Send/Sync traits for ARCache type. This allows users to send/access types that do not implement Send/Sync, which can cause a data race. The flaw was corrected in the 0.2.6 release by adding bounds K: Send + Sync & V: Send + Sync to...

4.7CVSS2.9AI score0.00242EPSS

OSV•added 2020/11/12 12:0 p.m.•15 views

RUSTSEC-2020-0130 Bunch<T> unconditionally implements Send/Sync

Affected versions of this crate unconditionally implements Send/Sync for Bunch. This allows users to insert T: !Sync to Bunch. It is possible to create a data race to a T: !Sync by invoking the Bunch::get API which returns &T from multiple threads. It is also possible to send T: !Send to other...

8.1CVSS7.9AI score0.01249EPSS

RustSec•added 2020/11/12 12:0 p.m.•25 views

Bunch<T> unconditionally implements Send/Sync

8.1CVSS3.7AI score0.01249EPSS

Veracode•added 2020/11/12 8:1 a.m.•7 views

Denial Of Service (DoS)

cbor-sync is vulnerable to Denial Of Service. A Denial Of Service condition occurs when the server drains all the free memory during allocation of an unbounded length buffer...

3.6AI score

Exploits0

OSV•added 2020/11/10 12:0 p.m.•12 views

RUSTSEC-2020-0102 LateStatic has incorrect Sync bound

Affected versions of this crate implemented Sync for LateStatic with T: Send, so that it is possible to create a data race to a type T: Send + !Sync e.g. Cell. This can result in a memory corruption or other kinds of undefined behavior. The flaw was corrected in commit 11f396c by replacing the T:...

7CVSS6.9AI score0.00357EPSS

RustSec•added 2020/11/10 12:0 p.m.•16 views

LateStatic has incorrect Sync bound

7CVSS2.9AI score0.00357EPSS

RustSec•added 2020/11/10 12:0 p.m.•19 views

`Shared` can cause a data race

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust. Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and...

8.1CVSS1.4AI score0.01098EPSS

RustSec•added 2020/11/10 12:0 p.m.•21 views

may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

Affected versions of mayqueue implements Send/Sync for its Queue type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads leading to undefined behavior and memory corruption in concurrent programs...

5.9CVSS3.4AI score0.01112EPSS

RustSec•added 2020/11/10 12:0 p.m.•25 views

AtomicBox<T> implements Send/Sync for any `T: Sized`

Affected versions of this crate implements Send/Sync for AtomicBox without requiring T: Send/T: Sync. This allows to create data races to T: !Sync and send T: !Send to another thread. Such behavior breaks the compile-time thread safety guarantees of Rust, and allows users to incur undefined...

8.1CVSS3AI score0.00766EPSS

Exploits0Affected Software1

OSV•added 2020/11/10 12:0 p.m.•16 views

RUSTSEC-2020-0107 hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

Affected versions of hashconsing implements Send/Sync for its HConsed type without restricting it to Sendable types and Syncable types. This allows non-Sync types such as Cell to be shared across threads leading to undefined behavior and memory corruption in concurrent programs...

7.5CVSS7.7AI score0.0136EPSS

OSV•added 2020/11/10 12:0 p.m.•12 views

RUSTSEC-2020-0111 may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

5.9CVSS5.8AI score0.01112EPSS

OSV•added 2020/11/10 12:0 p.m.•16 views

RUSTSEC-2020-0140 `Shared` can cause a data race

8.1CVSS8AI score0.01098EPSS

OSV•added 2020/11/10 12:0 p.m.•14 views

RUSTSEC-2020-0137 AtomicBox<T> lacks bound on its Send and Sync traits allowing data races

AtomicBox is a Box type designed to be used across threads, however, it implements the Send and Sync traits for all types T. This allows non-Send types such as Rc and non-Sync types such as Cell to be used across thread boundaries which can trigger undefined behavior and memory corruption...

8.1CVSS7.9AI score0.0124EPSS

OSV•added 2020/11/10 12:0 p.m.•20 views

RUSTSEC-2020-0138 ReaderResult should be bounded by Sync

Affected versions of this crate implements Sync for ReaderResult with the trait bound T: Send, E: Send. Since matching on the public enum ReaderResult provides access to &T & &E, allowing data race to a non-Sync type T or E. This can result in a memory corruption when multiple threads concurrentl...

8.1CVSS8.2AI score0.00833EPSS

RustSec•added 2020/11/10 12:0 p.m.•23 views

hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

7.5CVSS3AI score0.0136EPSS

RustSec•added 2020/11/10 12:0 p.m.•19 views

ReaderResult should be bounded by Sync

8.1CVSS1.1AI score0.00833EPSS