logo

Database

Race condition In arr

Description

Multiple security issues including data race, buffer overflow, and uninitialized memory drop in arr arr crate contains multiple security issues. Specifically,

    It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary.

    Index and IndexMut implementation does not check the array bound.

    Array::new_from_template() drops uninitialized memory.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2020-358862. NVD-2020-358863. OSV-2020-358864. GCVE-2020-35886

References

1. https://github.com/sjep/array/issues/12. https://rustsec.org/advisories/RUSTSEC-2020-0034.html

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.