{"id":"RUSTSEC-2020-0124","summary":"ArcGuard's Send and Sync should have bounds on RC","details":"Affected versions of this crate implement Send/Sync for `ArcGuard\u003cRC, T\u003e` with no trait bounds on `RC`. This allows users to send `RC: !Send` to other threads and also allows users to concurrently access `Rc: !Sync` from multiple threads.\n\nThis can result in memory corruption from data race or other undefined behavior caused by sending `T: !Send` to other threads (e.g. dropping `MutexGuard\u003cT\u003e` in another thread that didn't lock its mutex).","aliases":["CVE-2020-36444","GHSA-9j8q-m9x5-9g6j"],"modified":"2023-11-08T04:03:45.205946Z","published":"2020-12-08T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/async-coap"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2020-0124.html"},{"type":"REPORT","url":"https://github.com/google/rust-async-coap/issues/33"}],"affected":[{"package":{"name":"async-coap","ecosystem":"crates.io","purl":"pkg:cargo/async-coap"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0124.json","informational":null,"cvss":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","categories":["memory-corruption","thread-safety"]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}