8.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-36436

GHSA ID

GHSA-686f-ch3r-xwmh

EPSS Score

0.55836%

CWE

CWE-119

Published

8/25/2021

Updated

1/27/2023

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-36436

CVE-2020-36436:
Data races in unicycle

Affected versions of this crate unconditionally implemented Send & Sync for types PinSlab<T> & Unordered<T, S>. This allows sending non-Send types to other threads and concurrently accessing non-Sync types from multiple threads.

This can result in a data race & memory corruption when types that provide internal mutability without synchronization are contained within PinSlab<T> or Unordered<T, S> and accessed concurrently from multiple threads.

The flaw was corrected in commits 92f40b4 & 6a6c367 by adding trait bound T: Send to Send impls for PinSlab<T> & Unordered<T, S> and adding T: Sync to Sync impls for PinSlab<T> & Unordered<T, S>.

(GitHub Advisory)

8.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-36436

GHSA ID

GHSA-686f-ch3r-xwmh

EPSS Score

0.55836%

CWE

CWE-119

Published

8/25/2021

Updated

1/27/2023

KEV Status

Technology

Rust

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
unicycle	rust	< 0.7.1	0.7.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper Send/Sync trait implementations for PinSlab and Unordered types. The original implementations lacked required T: Send/Sync bounds, as shown in commit diffs. This allowed these containers to be thread-safe even when containing non-thread-safe types, violating Rust's safety guarantees. The explicit unsafe impl blocks for Send/Sync traits in the pre-patch code (without type parameter constraints) are the root cause functions enabling data races.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*****t** v*rsions o* t*is *r*t* un*on*ition*lly impl*m*nt** `S*n*` & `Syn*` *or typ*s `PinSl**<T>` & `Unor**r**<T, S>`. T*is *llows s*n*in* non-S*n* typ*s to ot**r t*r***s *n* *on*urr*ntly ****ssin* non-Syn* typ*s *rom multipl* t*r***s. T*is **n r*s

Reasoning

T** vuln*r**ility st*ms *rom improp*r S*n*/Syn* tr*it impl*m*nt*tions *or PinSl** *n* Unor**r** typ*s. T** ori*in*l impl*m*nt*tions l**k** r*quir** T: S*n*/Syn* *oun*s, *s s*own in *ommit *i**s. T*is *llow** t**s* *ont*in*rs to ** t*r***-s*** *v*n w*

8.1

Basic Information

Concerned about an active attack path?

CVE-2020-36436: Data races in unicycle

8.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2020-36436:
Data races in unicycle

Vulnerability Intelligence
Miggo AI