Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05aHB3LXIyM3IteGdtNc4AArs7
Data race in `Iter` and `IterMut`
In the affected version of this crate, {Iter, IterMut}::next used a weaker memory ordering when loading values than what was required, exposing a potential data race
when iterating over a ThreadLocal's values.
Crates using Iter::next, or IterMut::next are affected by this issue.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05aHB3LXIyM3IteGdtNc4AArs7
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago
Identifiers: GHSA-9hpw-r23r-xgm5
References:
- https://github.com/Amanieu/thread_local-rs/issues/33
- https://rustsec.org/advisories/RUSTSEC-2022-0006.html
- https://github.com/advisories/GHSA-9hpw-r23r-xgm5
Blast Radius: 0.0
Affected Packages
cargo:thread_local
Dependent packages: 121Dependent repositories: 41,835
Downloads: 184,812,998 total
Affected Version Ranges: < 1.1.4
Fixed in: 1.1.4
All affected versions: 0.1.0, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.1.2, 1.1.3
All unaffected versions: 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8