Data Race Vulnerability in Rust Futures Utility Crate
CVE-2020-35905

4.7MEDIUM

Key Information:

Vendor: Rust-lang
Status: Future-utils
Vendor: CVE Published:; 31 December 2020

What is CVE-2020-35905?

A data race vulnerability has been identified in the futures-util crate for the Rust programming language. This issue arises from the MutexGuard::map function, which may lead to unintended concurrent behaviors in certain closure scenarios when using safe code. Developers utilizing versions of futures-util prior to 0.3.7 should review their implementations to avoid potential data integrity problems and ensure the stability of their applications.

References

https://rustsec.org/advisories/RUSTSEC-2020-0059.html

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2020
Vulnerability Reserved
Dec 31, 2020

Rust-lang

What is CVE-2020-35905?

References

CVSS V3.1

Timeline