Race condition in try-mutex - #VU49110
Published: December 21, 2020
Vulnerability identifier: #VU49110
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-362
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Mike Pedersen
Affected software:
try-mutex
try-mutex
Detailed vulnerability description
The vulnerability allows an attacker to escalate privileges within the application.
The vulnerability exists due to unconditional implementation of Sync trait for TryMutex type. An attacker can exploit the race to put non-Send T type in TryMutex and send it to another thread.
Remediation
Install updates from vendor's website.