CVE-2021-28037

CRITICAL9.8EPSS 0.43%

Intern<T>: Data race allowed on T

發布日:2021/8/25修改日:2023/11/8

也稱為:GHSA-gppw-3h6h-v6q2RUSTSEC-2021-0036

描述

Affected versions of this crate unconditionally implements `Sync` for `Intern<T>`. This allows users to create data race on `T: !Sync`, which may lead to undefined behavior (for example, memory corruption). The flaw was corrected in commit 2928a87 by adding the trait bound `T: Sync` in the `Sync` impl of `Intern<T>`.

受影響套件(2)

crates.io/internmentfrom 0, < 0.4.2
crates.io/internment>= 0.0.0-0, < 0.4.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-28037
PATCHhttps://crates.io/crates/internment
PATCHhttps://github.com/droundy/internment
WEBhttps://github.com/droundy/internment/issues/20
WEBhttps://rustsec.org/advisories/RUSTSEC-2021-0036.html