CVE-2020-36218: Improper synchronization in buttplug

August 25, 2021

An issue was discovered in the buttplug crate before 1.0.4 for Rust. ButtplugFutureStateShared does not properly consider (!Send|!Sync) objects, leading to a data race.

References

github.com/advisories/GHSA-r7rv-2rph-hvhj
github.com/buttplugio/buttplug-rs
github.com/buttplugio/buttplug-rs/issues/225
nvd.nist.gov/vuln/detail/CVE-2020-36218
rustsec.org/advisories/RUSTSEC-2020-0112.html

Detect and mitigate CVE-2020-36218 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →