Miggo Logo
Miggo Vulnerability Database
GHSA-x4mq-m75f-mx8m

GHSA-x4mq-m75f-mx8m: Delegate functions are missing `Send` bound

9.8

CVSS Score
3.1

Basic Information

CVE ID
-
GHSA ID
GHSA-x4mq-m75f-mx8m
EPSS Score
-
CWE
CWE-820
Published
6/17/2022
Updated
1/12/2023
KEV Status
No
Technology
TechnologyRust

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
windowsrust>= 0.1.2, < 0.32.00.32.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability manifests in delegate handler constructors across multiple Windows API modules where FnMut parameters lacked Send bounds. The commit diff shows systematic addition of ::core::marker::Send to all handler generics. High confidence comes from: 1) Vulnerability description specifically calls out delegate handlers 2) Commit modifies 50+ handler implementations 3) CWE-820 directly relates to missing synchronization primitives 4) Example in GHSA shows TypedEventHandler was vulnerable 5) Windows API documentation for free-threaded handlers requires thread-safe callbacks.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*****t** v*rsions o* t*is *r*t* *i* not r*quir* *v*nt **n*l*rs to **v* `S*n*` *oun* **spit* t**r* **in* no *u*r*nt** o* t**m **in* **ll** on *ny p*rti*ul*r t*r***, w*i** **n pot*nti*lly l*** to **t* r***s *n* un***in** ****vior. T** *l*w w*s *orr**t

Reasoning

T** vuln*r**ility m*ni**sts in **l***t* **n*l*r *onstru*tors **ross multipl* Win*ows *PI mo*ul*s w**r* *nMut p*r*m*t*rs l**k** S*n* *oun*s. T** *ommit *i** s*ows syst*m*ti* ***ition o* ::*or*::m*rk*r::S*n* to *ll **n*l*r **n*ri*s. *i** *on*i**n** *om
GHSA-x4mq-m75f-mx8m: windows-rs Delegate Data Race | Miggo