Skip to content

Data races in model

Moderate severity GitHub Reviewed Published Aug 25, 2021 to the GitHub Advisory Database • Updated Jan 9, 2023
Withdrawn This advisory was withdrawn on Aug 24, 2021

Package

cargo model (Rust)

Affected versions

<= 0.1.2

Patched versions

None

Description

Shared data structure in model crate implements Send and Sync traits regardless of the inner type.
This allows safe Rust code to trigger a data race, which is undefined behavior in Rust.

Users are advised to treat Shared as an unsafe type.
It should not be used outside of the testing context,
and care must be taken so that the testing code does not have a data race
besides a race condition that is expected to be caught by the test.

Check the Rustonomicon for the difference between
a data race and a general race condition.

References

Reviewed Aug 9, 2021
Withdrawn Aug 24, 2021
Published to the GitHub Advisory Database Aug 25, 2021
Last updated Jan 9, 2023

Severity

Moderate

EPSS score

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-8q64-wrfr-q48c

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.