Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-9hpw-r23r-xgm5: Data race in `Iter` and `IterMut`

In the affected version of this crate, {Iter, IterMut}::next used a weaker memory ordering when loading values than what was required, exposing a potential data race when iterating over a ThreadLocal's values.

Crates using Iter::next, or IterMut::next are affected by this issue.

ghsa
Open in Source
#vulnerability#git
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. GHSA-9hpw-r23r-xgm5

Data race in `Iter` and `IterMut`

High severity GitHub Reviewed Published Jun 17, 2022 • Updated Jun 17, 2022

Vulnerability details Dependabot alerts 0

We are still processing this advisory. You may have affected repositories that are not yet on this list. Check back soon for more.

Package

cargo thread_local (Rust)

Affected versions

< 1.1.4

Patched versions

1.1.4

Description

In the affected version of this crate, {Iter, IterMut}::next used a weaker memory ordering when loading values than what was required, exposing a potential data race
when iterating over a ThreadLocal’s values.

Crates using Iter::next, or IterMut::next are affected by this issue.

References

  • Amanieu/thread_local-rs#33
  • https://rustsec.org/advisories/RUSTSEC-2022-0006.html

Severity

High

Weaknesses

CWE-362

CVE ID

No known CVE

GHSA ID

GHSA-9hpw-r23r-xgm5

Source code

Amanieu/thread_local-rs

See something to contribute? Suggest improvements for this vulnerability.

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution
ghsa