CVE-2020-36207: Data races in aovec

August 25, 2021

An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur.

References

github.com/advisories/GHSA-g489-xrw3-3v8w
github.com/krl/aovec
nvd.nist.gov/vuln/detail/CVE-2020-36207
rustsec.org/advisories/RUSTSEC-2020-0099.html

Code Behaviors & Features

Detect and mitigate CVE-2020-36207 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →