Synchronization Issue in Rust Standard Library Leading to Memory Safety Risks
CVE-2017-20004

5.9MEDIUM

Key Information:

Vendor: Rust-lang
Status: Rust
Vendor: CVE Published:; 14 April 2021

What is CVE-2017-20004?

In the Rust standard library, versions before 1.19.0 contain a synchronization flaw within the MutexGuard object. This issue permits MutexGuards to be shared across threads with various types, potentially leading to memory safety vulnerabilities due to race conditions. This vulnerability can compromise the integrity of applications that rely on multi-threading, necessitating careful handling and robust defenses.

References

https://github.com/rust-lang/rust/issues/41622

x_refsource_MISC

https://github.com/rust-lang/rust/pull/41624

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2021
Vulnerability Reserved
Apr 14, 2021

Rust-lang

What is CVE-2017-20004?

References

CVSS V3.1

Timeline