CVE-2020-36206 – rusb

Package

Manager: cargo
Name: rusb
Vulnerable Version: >=0 <0.7.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00068 pctl0.21268

Details

Data races in rusb Affected versions of rusb did not require UsbContext to implement Send and Sync. However, through Device and DeviceHandle it is possible to use UsbContexts across threads. This issue allows non-thread safe UsbContext types to be used concurrently leading to data races and memory corruption. The issue was fixed by adding Send and Sync bounds to UsbContext.

Metadata

Created: 2021-08-25T20:50:51Z
Modified: 2023-06-13T20:46:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-9mxw-4856-9cm5/GHSA-9mxw-4856-9cm5.json
CWE IDs: ["CWE-662", "CWE-787"]
Alternative ID: GHSA-9mxw-4856-9cm5
Finding: F124
Auto approve: 1