GHSA-7mg7-m5c3-3hqj – unicycle

Package

Manager: cargo
Name: unicycle
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: N/A

CVSS v4.0: N/A

EPSS: N/A pctlN/A

Details

Data races in unicycle Affected versions of this crate unconditionally implemented `Send` & `Sync` for types `PinSlab<T>` & `Unordered<T, S>`. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads. This can result in a data race & memory corruption when types that provide internal mutability without synchronization are contained within `PinSlab<T>` or `Unordered<T, S>` and accessed concurrently from multiple threads. The flaw was corrected in commits 92f40b4 & 6a6c367 by adding trait bound `T: Send` to `Send` impls for `PinSlab<T>` & `Unordered<T, S>` and adding `T: Sync` to `Sync` impls for `PinSlab<T>` & `Unordered<T, S>`.

Metadata

Created: 2021-08-25T21:00:39Z
Modified: 2021-08-24T17:47:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-7mg7-m5c3-3hqj/GHSA-7mg7-m5c3-3hqj.json
CWE IDs: ["CWE-362"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0