Synchronization Flaw in Rust Standard Library Affects Memory Safety
CVE-2018-25008

5.9MEDIUM

Key Information:

Vendor: Rust-lang
Status: Rust
Vendor: CVE Published:; 14 April 2021

What is CVE-2018-25008?

The Rust standard library, prior to version 1.29.0, contains a synchronization flaw in the Arc::get_mut method. This issue can result in memory safety violations due to potential race conditions, allowing concurrent access without proper control. Developers utilizing affected versions should upgrade to ensure safer multithreading practices and avoid unpredictable behavior in their applications.

References

https://github.com/rust-lang/rust/issues/51780

x_refsource_MISC

https://github.com/rust-lang/rust/pull/52031

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2021
Vulnerability Reserved
Apr 14, 2021

Rust-lang

What is CVE-2018-25008?

References

CVSS V3.1

Timeline