{"id":"RUSTSEC-2021-0113","summary":"AtomicBucket\u003cT\u003e unconditionally implements Send/Sync","details":"In the affected versions of the crate, `AtomicBucket\u003cT\u003e` unconditionally implements `Send`/`Sync` traits. Therefore, users can create a data race to the inner\n`T: !Sync` by using the `AtomicBucket::data_with()` API.\nSuch data races can potentially cause memory corruption or other undefined behavior.\n\nThe flaw was fixed in commit 8e6daab by adding appropriate Send/Sync bounds to the Send/Sync impl of struct `Block\u003cT\u003e` (which is a data type contained inside `AtomicBucket\u003cT\u003e`).","aliases":["CVE-2021-45704","GHSA-3hxh-7jxm-59x4","GHSA-cwvc-87xq-pc5m"],"modified":"2023-11-08T04:07:22.868706Z","published":"2021-04-07T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/metrics-util"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2021-0113.html"},{"type":"REPORT","url":"https://github.com/metrics-rs/metrics/issues/190"}],"affected":[{"package":{"name":"metrics-util","ecosystem":"crates.io","purl":"pkg:cargo/metrics-util"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.7.0"}]}],"ecosystem_specific":{"affects":{"os":[],"arch":[],"functions":[]},"affected_functions":null},"database_specific":{"cvss":null,"categories":["memory-corruption","thread-safety"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2021-0113.json","informational":null}}],"schema_version":"1.7.3"}