8.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-36461

GHSA ID

GHSA-wxjf-9f4g-3v44

EPSS Score

0.64009%

CWE

CWE-77

Published

8/25/2021

Updated

2/1/2023

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-36461

CVE-2020-36461:
Data races in noise_search

Affected versions of the noise_search crate unconditionally implement Send/Sync for MvccRwLock. This can lead to data races when types that are either !Send or !Sync (e.g. Rc<T>, Arc<Cell<_>>) are contained inside MvccRwLock and sent across thread boundaries. The data races can potentially lead to memory corruption (as demonstrated in the PoC from the original report issue).

Also, safe APIs of MvccRwLock allow aliasing violations by allowing &T and LockResult<MutexGuard<Box<T>>> to co-exist in conflicting lifetime regions. The APIs of MvccRwLock should either be marked as unsafe or MbccRwLock should be changed to private or pub(crate).

(GitHub Advisory)

8.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-36461

GHSA ID

GHSA-wxjf-9f4g-3v44

EPSS Score

0.64009%

CWE

CWE-77

Published

8/25/2021

Updated

2/1/2023

KEV Status

Technology

Rust

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
noise_search	rust	<= 0.7.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from two core issues: 1) Unchecked Send/Sync implementations for MvccRwLock enable unsafe cross-thread transfer of non-atomic types. 2) The read() API (and similar accessors) create lifetime conflicts between shared references and mutable guards. The explicit unsafe impl blocks for Send/Sync in index.rs directly violate Rust's safety requirements, while the safe-but-unsound read API violates aliasing rules. The PoC demonstrates concrete memory corruption through Rc<T> cloning across threads, confirming the impact of these implementations.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*****t** v*rsions o* t** `nois*_s**r**` *r*t* un*on*ition*lly impl*m*nt S*n*/Syn* *or `Mv**RwLo*k`. T*is **n l*** to **t* r***s w**n typ*s t**t *r* *it**r `!S*n*` or `!Syn*` (*.*. `R*<T>`, `*r*<**ll<_>>`) *r* *ont*in** insi** `Mv**RwLo*k` *n* s*nt **

Reasoning

T** vuln*r**ility st*ms *rom two *or* issu*s: *) Un****k** S*n*/Syn* impl*m*nt*tions *or `Mv**RwLo*k` *n**l* uns*** *ross-t*r*** tr*ns**r o* non-*tomi* typ*s. *) T** `r***()` *PI (*n* simil*r ****ssors) *r**t* li**tim* *on*li*ts **tw**n s**r** r***r*

8.1

Basic Information

Concerned about an active attack path?

CVE-2020-36461: Data races in noise_search

8.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2020-36461:
Data races in noise_search

Vulnerability Intelligence
Miggo AI