RUSTSEC-2020-0148 on 2020-12-10: Multiple soundness issues in Ptr

Affected versions of this crate have the following issues:

  1. Ptr implements Send and Sync for all types, this can lead to data races by sending non-thread safe types across threads.

  2. Ptr::get violates mutable alias rules by returning multiple mutable references to the same object.

  3. Ptr::write uses non-atomic writes to the underlying pointer. This means that when used across threads it can lead to data races.

CVE-2020-36466

CVE-2020-36467

CVE-2020-36468

GHSA-f3mq-99jr-ww4r

GHSA-f9xr-3m55-5q2v

GHSA-pwhf-7427-9vv2

This crate has no reviews yet. To add a review, set up your cargo-crev.


Lib.rs has been able to verify that all files in the crate's tarball, except Cargo.lock, are in the crate's repository. Please note that this check is still in beta, and absence of this confirmation does not mean that the files don't match.

Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories, so there is a possibility that published crates have a misleading repository URL, or contain different code from the code in the repository.

To review the actual code of the crate, it's best to use cargo crev open cgc. Alternatively, you can download the tarball of cgc v0.4.0 or view the source online.