CVE-2020-35907: futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer
(updated )
Affected versions of the crate used a UnsafeCell in thread-local storage to return a noop waker reference, assuming that the reference would never be returned from another thread.
This resulted in a segmentation fault crash if Waker::wake_by_ref() was called on a waker returned from another thread due to it attempting to dereference a pointer that wasn’t accessible from the main thread.
References
Detect and mitigate CVE-2020-35907 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →