Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13NTloLTM3OGYtMmZybc4AA4oR
Unsound sending of non-Send types across threads in threadalone
Affected versions can run the Drop impl of a non-Send type on a different
thread than it was created on.
The flaw occurs when a stderr write performed by the threadalone crate fails,
for example because stderr is redirected to a location on a filesystem that is
full, or because stderr is a pipe that has been closed by the reader.
Dropping a non-Send type on the wrong thread is unsound. If used with a type
such as a pthread-based MutexGuard, the consequence is undefined
behavior. If used with Rc, there would be a data race on the
reference count, which is likewise undefined behavior.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13NTloLTM3OGYtMmZybc4AA4oR
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 3 months ago
Updated: 3 months ago
Identifiers: GHSA-w59h-378f-2frm
References:
- https://github.com/cr0sh/threadalone/issues/1
- https://rustsec.org/advisories/RUSTSEC-2024-0005.html
- https://github.com/advisories/GHSA-w59h-378f-2frm
Blast Radius: 1.0
Affected Packages
cargo:threadalone
Dependent packages: 0Dependent repositories: 0
Downloads: 814 total
Affected Version Ranges: < 0.2.1
Fixed in: 0.2.1
All affected versions: 0.1.0, 0.2.0
All unaffected versions: 0.2.1