GHSA-mgg8-9pvp-6qcw – noise_search
Package
Manager: cargo
Name: noise_search
Vulnerable Version: <0
Severity
Level: Medium
CVSS v3.1: N/A
CVSS v4.0: N/A
EPSS: N/A (percentile: N/A)
Details
MvccRwLock allows data races & aliasing violations

Affected versions of the `noise_search` crate unconditionally implement `Send`/`Sync` for `MvccRwLock`. This can lead to data races when types that are either `!Send` or `!Sync` (e.g. `Rc<T>`, `Arc<Cell<_>>`) are contained inside `MvccRwLock` and sent across thread boundaries. The data races can potentially lead to memory corruption (as demonstrated in the PoC from the original report issue).

Also, safe APIs of `MvccRwLock` allow aliasing violations by allowing `&T` and `LockResult<MutexGuard<Box<T>>>` to co-exist in conflicting lifetime regions. The APIs of `MvccRwLock` should either be marked as `unsafe`, or `MvccRwLock` should be changed to private or `pub(crate)`.
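The unconditional `Send`/`Sync` pattern described above can be audited at compile time. The following is an added example, not code from `noise_search` or the original report: `UnboundedLock`, `BoundedLock`, `Probe` and `Fallback` are hypothetical names, and the corrected bounds are assumed to mirror those of `std::sync::RwLock`. It covers only the trait bounds, not the aliasing issue.

```rust
use std::cell::{Cell, UnsafeCell};
use std::marker::PhantomData;
use std::rc::Rc;
use std::sync::Arc;

// Hypothetical stand-in for the flawed pattern: Send/Sync granted for every T.
// Locking logic is omitted; only the trait bounds are under study.
#[allow(dead_code)]
pub struct UnboundedLock<T>(UnsafeCell<T>);
unsafe impl<T> Send for UnboundedLock<T> {}
unsafe impl<T> Sync for UnboundedLock<T> {}

// Corrected form (assumption: the same bounds std::sync::RwLock uses).
#[allow(dead_code)]
pub struct BoundedLock<T>(UnsafeCell<T>);
unsafe impl<T: Send> Send for BoundedLock<T> {}
unsafe impl<T: Send + Sync> Sync for BoundedLock<T> {}

// Compile-time probe: the inherent consts apply only when the bound holds,
// otherwise resolution falls back to the blanket trait's `false` defaults.
trait Fallback {
    const SEND: bool = false;
    const SYNC: bool = false;
}
impl<T: ?Sized> Fallback for T {}
#[allow(dead_code)]
struct Probe<T: ?Sized>(PhantomData<T>);
impl<T: ?Sized + Send> Probe<T> { const SEND: bool = true; }
impl<T: ?Sized + Sync> Probe<T> { const SYNC: bool = true; }

// Expands to (is_send, is_sync) for a concrete type.
macro_rules! audit {
    ($t:ty) => { (<Probe<$t>>::SEND, <Probe<$t>>::SYNC) };
}

pub fn unbounded_with_rc() -> (bool, bool) { audit!(UnboundedLock<Rc<u8>>) }
pub fn bounded_with_rc() -> (bool, bool) { audit!(BoundedLock<Rc<u8>>) }
pub fn bounded_with_arc_cell() -> (bool, bool) { audit!(BoundedLock<Arc<Cell<u8>>>) }
pub fn bounded_with_arc() -> (bool, bool) { audit!(BoundedLock<Arc<u64>>) }

fn main() {
    // The unbounded wrapper launders a !Send payload into a Send + Sync type.
    println!("UnboundedLock<Rc<u8>>      {:?}", unbounded_with_rc());
    println!("BoundedLock<Rc<u8>>        {:?}", bounded_with_rc());
    println!("BoundedLock<Arc<Cell<u8>>> {:?}", bounded_with_arc_cell());
    println!("BoundedLock<Arc<u64>>      {:?}", bounded_with_arc());
}
```

With the bounded impls, spawning a thread that captures a `BoundedLock<Rc<u8>>` is rejected by the compiler, which is the check the unconditional impls disable.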
Metadata
Created: 2021-08-25T20:59:59Z
Modified: 2021-08-24T18:01:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-mgg8-9pvp-6qcw/GHSA-mgg8-9pvp-6qcw.json
CWE IDs: ["CWE-362"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0