Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.


Data races in rusb

Affected versions of rusb did not require UsbContext to implement Send and Sync. However, Device and DeviceHandle make it possible to use a UsbContext across threads. This allows non-thread-safe UsbContext types to be used concurrently, leading to data races and memory corruption. The issue was fixed by adding Send and Sync bounds to UsbContext.
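The bound described above, as an added example that is not rusb's own code: Context, Handle, AtomicCtx and hammer are hypothetical stand-ins, and the unconditional unsafe impl on the handle is an assumed pattern for how a wrapper type ends up shareable across threads. With Send + Sync as supertraits, a non-thread-safe context can no longer implement the trait.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;
use std::thread;

// Hypothetical context trait. The Send + Sync supertraits are the hardening:
// every implementor must itself be safe to move and share across threads.
pub trait Context: Send + Sync {
    fn record_event(&self);
    fn events(&self) -> usize;
}

// Hypothetical handle. The raw pointer (constructed placeholder for a C
// library pointer) removes the automatic Send/Sync, so the author opts in.
pub struct Handle<C: Context> {
    ctx: C,
    _raw: *mut u8,
}

// Sound only because `C: Context` implies `C: Send + Sync`. Without the
// supertraits these impls would also cover a context built on Rc or Cell,
// which is the kind of data race the advisory describes.
unsafe impl<C: Context> Send for Handle<C> {}
unsafe impl<C: Context> Sync for Handle<C> {}

// A thread-safe implementor: all shared state is atomic.
pub struct AtomicCtx(AtomicUsize);
impl Context for AtomicCtx {
    fn record_event(&self) { self.0.fetch_add(1, Ordering::SeqCst); }
    fn events(&self) -> usize { self.0.load(Ordering::SeqCst) }
}

// Rejected by the compiler once the bound is present, because Cell is not Sync:
//   struct CellCtx(std::cell::Cell<usize>);
//   impl Context for CellCtx { /* ... */ }

// Shares one handle between `threads` workers and returns the final count.
pub fn hammer(threads: usize, per_thread: usize) -> usize {
    let handle = Arc::new(Handle { ctx: AtomicCtx(AtomicUsize::new(0)), _raw: std::ptr::null_mut() });
    let workers: Vec<_> = (0..threads)
        .map(|_| {
            let h = Arc::clone(&handle);
            thread::spawn(move || { for _ in 0..per_thread { h.ctx.record_event(); } })
        })
        .collect();
    for w in workers { w.join().unwrap(); }
    handle.ctx.events()
}

fn main() { println!("{}", hammer(8, 10_000)); }
```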

Permalink: https://github.com/advisories/GHSA-9mxw-4856-9cm5
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlteHctNDg1Ni05Y201
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 11 months ago


CVSS Score: 7.0
CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-9mxw-4856-9cm5, CVE-2020-36206
References: Repository: https://github.com/a1ien/rusb
Blast Radius: 18.4

Affected Packages

cargo:rusb
Dependent packages: 79
Dependent repositories: 428
Downloads: 1,614,167 total
Affected Version Ranges: < 0.7.0
Fixed in: 0.7.0
All affected versions: 0.4.0, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.6.0, 0.6.2, 0.6.3, 0.6.4, 0.6.5
All unaffected versions: 0.7.0, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.9.2, 0.9.3