{"id":"RUSTSEC-2020-0034","summary":"Multiple security issues including data race, buffer overflow, and uninitialized memory drop","details":"`arr` crate contains multiple security issues. Specifically,\n\n1. It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary.\n2. `Index` and `IndexMut` implementation does not check the array bound.\n3. `Array::new_from_template()` drops uninitialized memory.","aliases":["CVE-2020-35886","CVE-2020-35887","CVE-2020-35888","GHSA-36xw-hgfv-jwm7","GHSA-c7fw-cr3w-wvfc","GHSA-fhvj-7f9p-w788"],"modified":"2023-11-02T05:41:15.772188Z","published":"2020-08-25T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/arr"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2020-0034.html"},{"type":"REPORT","url":"https://github.com/sjep/array/issues/1"}],"affected":[{"package":{"name":"arr","ecosystem":"crates.io","purl":"pkg:cargo/arr"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"}]}],"ecosystem_specific":{"affects":{"functions":[],"os":[],"arch":[]},"affected_functions":null},"database_specific":{"informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0034.json","categories":["memory-corruption","thread-safety"],"cvss":null}}],"schema_version":"1.7.3"}