CVE-2020-36220: Data race in va-ts

CVSS Score: 5.9 (CVSS 3.1)

Basic Information

EPSS Score: 0.52981%
Published: 8/25/2021
Updated: 6/13/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
va-ts | rust | < 0.0.4 | 0.0.4

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from an improper Send trait implementation for Demuxer<T> that lacked the necessary type bounds. The advisory explicitly states that this was fixed by adding a T: Send bound. The unsafe Send implementation is the direct cause: it violates Rust's thread safety guarantees by permitting non-Send types to move between threads, leading to synchronization issues and memory corruption.
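The difference between the unbounded and the bounded Send implementation can be checked at compile time. The following is an added example, not code from va-ts or from this page: VulnerableDemuxer, PatchedDemuxer, Probe, Fallback and the handler type aliases are hypothetical stand-ins, and the struct fields are assumptions.

```rust
use std::cell::Cell;
use std::marker::PhantomData;
use std::rc::Rc;
use std::sync::atomic::{AtomicU32, Ordering};
use std::sync::Arc;
use std::thread;

// Hypothetical stand-ins for va-ts's Demuxer<T> (its real fields are not on the page).
// PhantomData<*mut u8> turns auto-Send off, so only the manual impl decides.
#[allow(dead_code)]
struct VulnerableDemuxer<T> { events: T, _raw: PhantomData<*mut u8> }
#[allow(dead_code)]
struct PatchedDemuxer<T> { events: T, _raw: PhantomData<*mut u8> }

// Shape before 0.0.4: Send for every T, even types that are not Send.
unsafe impl<T> Send for VulnerableDemuxer<T> {}
// Shape of the fix: Send only when T itself is Send.
unsafe impl<T: Send> Send for PatchedDemuxer<T> {}

// Compile-time probe: the inherent const applies only when X: Send holds;
// otherwise resolution falls back to the trait's default of false.
#[allow(dead_code)]
struct Probe<X>(PhantomData<X>);
trait Fallback { const IS_SEND: bool = false; }
impl<X> Fallback for Probe<X> {}
impl<X: Send> Probe<X> { const IS_SEND: bool = true; }

type NotSendHandler = Rc<Cell<u32>>; // constructed sample: Rc is not Send
type SendHandler = Arc<AtomicU32>;   // constructed sample: Arc<AtomicU32> is Send

fn vulnerable_accepts_non_send() -> bool { <Probe<VulnerableDemuxer<NotSendHandler>>>::IS_SEND }
fn patched_accepts_non_send() -> bool { <Probe<PatchedDemuxer<NotSendHandler>>>::IS_SEND }
fn patched_accepts_send() -> bool { <Probe<PatchedDemuxer<SendHandler>>>::IS_SEND }

// With the bound in place, a demuxer holding a Send handler still moves to a thread.
fn patched_moves_across_threads() -> u32 {
    let d = PatchedDemuxer { events: Arc::new(AtomicU32::new(41)), _raw: PhantomData };
    thread::spawn(move || {
        let d = d; // capture the whole demuxer, not just one field
        d.events.fetch_add(1, Ordering::SeqCst) + 1
    }).join().unwrap()
}

fn main() {
    println!("unbounded impl marks Demuxer<Rc<..>> as Send: {}", vulnerable_accepts_non_send());
    println!("bounded impl marks Demuxer<Rc<..>> as Send:   {}", patched_accepts_non_send());
    println!("bounded impl marks Demuxer<Arc<..>> as Send:  {}", patched_accepts_send());
    println!("value after cross-thread use: {}", patched_moves_across_threads());
}
```

With the bounded impl, passing a PatchedDemuxer<Rc<Cell<u32>>> to thread::spawn is rejected by the compiler, which is the guarantee the unbounded impl removed.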

WAF Protection Rules

WAF Rule

In the affected versions of this crate, Demuxer<T> unconditionally implemented Send with no trait bounds on T. This allows sending a non-Send type T across thread boundaries, which can cause undefined behavior like unlocking a mutex from a thread ...