Lucene search
+L

243 matches found

Github Security Blog
Github Security Blog
added 2021/08/25 8:58 p.m.30 views

Data races in toolshed

An issue was discovered in the toolshed crate through 2020-11-15 for Rust. In CopyCell, the Send trait lacks bounds on the contained type...

8.1CVSS7.8AI score0.01098EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 8:56 p.m.41 views

Data races in model

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust. Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and...

8.1CVSS7.8AI score0.01098EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsv
added 2021/08/25 8:54 p.m.3 views

endian_trait_derive (>=0.2.0 <=0.4.0) potentially affected by CVE-2021-29929 via endian_trait (>=0.2.0 <=0.3.0)

endiantrait CARGO version =0.2.0, =0.2.0, =0.4.0 Source cves: CVE-2021-29929 Source advisory: OSV:GHSA-VPW8-43WM-RXW5...

7.5CVSS7.1AI score0.01135EPSS
Exploits1
OSV
OSV
added 2021/08/25 8:51 p.m.57 views

GHSA-3HJ2-HH36-HV9V Data race in va-ts

In the affected versions of this crate, Demuxer unconditionally implemented Send with no trait bounds on T. This allows sending a non-Send type T across thread boundaries, which can cause undefined behavior like unlocking a mutex from a thread that didn't lock the mutex, or memory corruption from...

5.9CVSS5.8AI score0.00801EPSS
Exploits1References4
OSV
OSV
added 2021/08/25 8:50 p.m.25 views

GHSA-G489-XRW3-3V8W Data races in aovec

An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur...

7CVSS5.9AI score0.00285EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/08/25 8:50 p.m.30 views

Data races in try-mutex

Affected versions of this crate unconditionally implemented Sync trait for TryMutex type. This allows users to put non-Send T type in TryMutex and send it to another thread, which can cause a data race. The flaw was corrected in the 0.3.0 release by adding T: Send bound for the Sync trait...

5.5CVSS5.4AI score0.00377EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2021/08/25 8:50 p.m.52 views

GHSA-64J8-7GP2-XJX5 Data races in try-mutex

Affected versions of this crate unconditionally implemented Sync trait for TryMutex type. This allows users to put non-Send T type in TryMutex and send it to another thread, which can cause a data race. The flaw was corrected in the 0.3.0 release by adding T: Send bound for the Sync trait...

5.5CVSS5.2AI score0.00377EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2021/08/25 8:49 p.m.29 views

Data races in futures-intrusive

GenericMutexGuard was given the Sync auto trait as long as T is Send due to its contained members. However, since the guard is supposed to represent an acquired lock and allows concurrent access to the underlying data from different threads, it should only be Sync when the underlying data is. Thi...

5.5CVSS5.5AI score0.00374EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2021/08/25 8:49 p.m.15 views

GHSA-4HJG-CX88-G9F9 Data races in futures-intrusive

GenericMutexGuard was given the Sync auto trait as long as T is Send due to its contained members. However, since the guard is supposed to represent an acquired lock and allows concurrent access to the underlying data from different threads, it should only be Sync when the underlying data is. Thi...

5.5CVSS5.3AI score0.00374EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2021/08/25 8:49 p.m.30 views

Data races in atom

The atom crate contains a security issue revolving around its implementation of the Send trait. It incorrectly allows any arbitrary type to be sent across threads potentially leading to use-after-free issues through memory races...

4.7CVSS5.4AI score0.00196EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/08/25 8:49 p.m.49 views

GHSA-9CG2-2J2H-59V9 Data races in atom

The atom crate contains a security issue revolving around its implementation of the Send trait. It incorrectly allows any arbitrary type to be sent across threads potentially leading to use-after-free issues through memory races...

4.7CVSS4.8AI score0.00196EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/08/25 8:48 p.m.36 views

Data races in rocket

The affected version of rocket contains a Clone trait implementation of LocalRequest that reuses the pointer to inner Request object. This causes data race in rare combinations of APIs if the original and the cloned objects are modified at the same time...

8.1CVSS7.7AI score0.00957EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2021/08/25 8:48 p.m.62 views

GHSA-8Q2V-67V7-6VC6 Data races in rocket

The affected version of rocket contains a Clone trait implementation of LocalRequest that reuses the pointer to inner Request object. This causes data race in rare combinations of APIs if the original and the cloned objects are modified at the same time...

8.1CVSS7.9AI score0.00957EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2021/08/25 8:46 p.m.28 views

Rust Failure Crate Vulnerable to Type confusion

Safe Rust code can implement malfunctioning privategettypeid and cause type confusion when downcasting, which is an undefined behavior. Users who derive Fail trait are not affected...

9.8CVSS9AI score0.01487EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/08/25 8:46 p.m.9 views

GHSA-R98R-J25Q-RMPR Rust Failure Crate Vulnerable to Type confusion

Safe Rust code can implement malfunctioning privategettypeid and cause type confusion when downcasting, which is an undefined behavior. Users who derive Fail trait are not affected...

9.8CVSS7.2AI score0.02874EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2021/08/25 8:45 p.m.36 views

Out of bounds access in rgb

Affected versions of rgb crate allow viewing and modifying data of any type T wrapped in RGB as bytes, and do not correctly constrain RGB and other wrapper structures to the types for which it is safe to do so. Safety violation possible for a type wrapped in RGB and similar wrapper structures: If...

9.1CVSS9AI score0.01595EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2021/08/25 8:45 p.m.21 views

GHSA-G4RW-8M5Q-6453 Out of bounds access in rgb

Affected versions of rgb crate allow viewing and modifying data of any type T wrapped in RGB as bytes, and do not correctly constrain RGB and other wrapper structures to the types for which it is safe to do so. Safety violation possible for a type wrapped in RGB and similar wrapper structures: If...

9.1CVSS9.3AI score0.01595EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2021/08/25 8:44 p.m.22 views

Double free in linea

Affected versions of this crate did not properly implements the Matrix::zipelements method, which causes an double free when the given trait implementation might panic. This allows an attacker to corrupt or take control of the memory...

9.8CVSS9.1AI score0.01691EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2021/08/25 8:42 p.m.13 views

GHSA-W65J-G6C7-G3M4 Multiple memory safety issues in actix-web

Affected versions contain multiple memory safety issues, such as: - Unsoundly coercing immutable references to mutable references - Unsoundly extending lifetimes of strings - Adding the Send marker trait to objects that cannot be safely sent between threads This may result in a variety of memory...

9.8CVSS7.7AI score0.01324EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2021/08/25 12:0 a.m.8 views

Data race in abox

Affected versions of this crate implements Send/Sync for AtomicBox without requiring T: Send/T: Sync. This allows to create data races to T: !Sync and send T: !Send to another thread. Such behavior breaks the compile-time thread safety guarantees of Rust, and allows users to incur undefined...

8.1CVSS7.1AI score0.00766EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder