{"id":"RUSTSEC-2020-0114","summary":"`Demuxer` can carry non-Send types across thread boundaries","details":"In the affected versions of this crate, `Demuxer\u003cT\u003e` unconditionally implemented `Send` with no trait bounds on `T`.\n\nThis allows sending a non-Send type `T` across thread boundaries, which can cause undefined behavior like unlocking a mutex from a thread that didn't lock the mutex, or memory corruption from data race.\n\nThe flaw was corrected in commit 0562cbf by adding a `T: Send` bound to the `Send` impl for `Demuxer\u003cT\u003e`.","aliases":["CVE-2020-36220","GHSA-3hj2-hh36-hv9v"],"modified":"2023-11-08T04:03:42.275700Z","published":"2020-12-22T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/va-ts"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2020-0114.html"},{"type":"REPORT","url":"https://github.com/video-audio/va-ts/issues/4"}],"affected":[{"package":{"name":"va-ts","ecosystem":"crates.io","purl":"pkg:cargo/va-ts"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.0.4"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"os":[],"functions":[],"arch":[]}},"database_specific":{"categories":["memory-corruption","thread-safety"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0114.json","informational":null,"cvss":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}