CVE-2020-35928: Data races in concread

August 25, 2021

An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache<K,V> data race by sending types that do not implement Send/Sync.

References

github.com/advisories/GHSA-4xj5-vv9x-63jp
github.com/kanidm/concread
github.com/kanidm/concread/issues/48
nvd.nist.gov/vuln/detail/CVE-2020-35928
rustsec.org/advisories/RUSTSEC-2020-0092.html

Detect and mitigate CVE-2020-35928 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →