CVE-2020-36203: Data races in reffers
CVSS Score: 4.7 (CVSS 3.1)
Basic Information
CVE ID: CVE-2020-36203
GHSA ID
EPSS Score: 0.13655%
CWE
Published: 8/25/2021
Updated: 6/13/2023
KEV Status: No
Technology: Rust
Technical Details
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
reffers | rust | < 0.6.1 | 0.6.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from missing `Send + Sync` trait bounds on the generic type `V` in the mapping functions of `ARefss`. The commit diff shows that these bounds were added to both `map()` and `try_map()` in the `ARefss` implementations. Before the fix, these functions allowed a type that is not thread-safe (`V: !Send` or `V: !Sync`) to be wrapped in an `ARefss`, which claims `Send + Sync` guarantees, so the wrapped value could be accessed concurrently without synchronization. The PoC demonstrates how this could create data races with `Cell` (which is `!Sync`), confirming the exploit path through these functions.
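The pattern behind the fix, as an added example that is not code from reffers or from this advisory: `SharedRef`, `Stats` and `count_from_threads` are hypothetical names for a minimal owning reference that asserts `Send + Sync` by hand, with the `V: Send + Sync` bound on `map` that keeps that assertion true.

```rust
use std::{any::Any, ops::Deref, thread};
use std::sync::{atomic::{AtomicUsize, Ordering}, Arc};

// Hypothetical owning reference: keeps the owner alive and points into it.
pub struct SharedRef<U: ?Sized> {
    _owner: Arc<dyn Any + Send + Sync>,
    target: *const U,
}

// Raw pointers are !Send and !Sync, so these impls are a manual promise that
// every U a SharedRef can ever point at is safe to share across threads.
unsafe impl<U: ?Sized> Send for SharedRef<U> {}
unsafe impl<U: ?Sized> Sync for SharedRef<U> {}

impl<U: Send + Sync + 'static> SharedRef<U> {
    pub fn new(owner: Arc<U>) -> Self {
        let target = Arc::as_ptr(&owner);
        SharedRef { _owner: owner, target }
    }
}

impl<U: ?Sized> Deref for SharedRef<U> {
    type Target = U;
    fn deref(&self) -> &U { unsafe { &*self.target } } // valid while _owner lives
}

impl<U: ?Sized> SharedRef<U> {
    // The `Send + Sync` bound on V is what keeps the promise above true.
    // Without it, a closure returning `&Cell<usize>` would compile and yield
    // a SharedRef<Cell<usize>> that the compiler treats as thread-safe.
    pub fn map<V: ?Sized + Send + Sync, F: FnOnce(&U) -> &V>(self, f: F) -> SharedRef<V> {
        let target = f(&*self) as *const V;
        SharedRef { _owner: self._owner, target }
    }
}

pub struct Stats { pub hits: AtomicUsize, pub _label: String }
pub fn count_from_threads(threads: usize, per_thread: usize) -> usize {
    let stats = SharedRef::new(Arc::new(Stats { hits: AtomicUsize::new(0), _label: "demo".into() }));
    let hits = Arc::new(stats.map(|s| &s.hits)); // AtomicUsize is Send + Sync: accepted
    let workers: Vec<_> = (0..threads).map(|_| {
        let h = Arc::clone(&hits);
        thread::spawn(move || { for _ in 0..per_thread { h.fetch_add(1, Ordering::Relaxed); } })
    }).collect();
    for w in workers { w.join().unwrap(); }
    hits.load(Ordering::Relaxed)
}

fn main() { println!("{}", count_from_threads(4, 1000)); }
```

With the bound in place, mapping to a `Cell` field is rejected at compile time because `Cell` does not implement `Sync`.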