CVE-2020-35907
Description
An issue was discovered in the futures-task crate before 0.3.5 for Rust. futures_task::noop_waker_ref allows a NULL pointer dereference.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The futures-task crate before 0.3.5 allows a NULL pointer dereference via the noop_waker_ref function, leading to a potential denial of service.
Vulnerability Overview
CVE-2020-35907 is a vulnerability in the futures-task crate (part of the futures-rs library) prior to version 0.3.5. The flaw resides in the futures_task::noop_waker_ref function, which can cause a NULL pointer dereference under specific conditions, leading to a segfault and denial of service [1][2].
Exploitation Details
The root cause is that noop_waker_ref() returns a &'static Waker reference that points into thread-local storage (TLS). However, the Waker type implements the Sync trait, making &'static Waker also Send. This allows the returned reference to be used across threads, potentially outliving the thread from which it was obtained. When used after the originating thread has exited, the TLS data becomes invalid and dereferencing the pointer causes a crash [4]. An attacker with local access and low privileges can trigger this by crafting a multi-threaded scenario that exploits the unsound lifetime assumption [1][2].
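Why the storage class decides whether the `&'static Waker` contract described above holds, as an added example that is not code from futures-rs or from this page: a no-op waker kept in a process-wide static stays valid after the thread that first obtained it has exited. The `OnceLock` storage and the local functions `noop_waker_ref` and `use_after_thread_exit` are assumptions of this example, built on the standard library only.

```rust
use std::future::Future;
use std::pin::Pin;
use std::sync::OnceLock;
use std::task::{Context, Poll, RawWaker, RawWakerVTable, Waker};
use std::thread;

// Vtable for a waker that does nothing; the data pointer is never read.
unsafe fn noop_clone(_: *const ()) -> RawWaker {
    noop_raw_waker()
}
unsafe fn noop(_: *const ()) {}

static NOOP_VTABLE: RawWakerVTable = RawWakerVTable::new(noop_clone, noop, noop, noop);

fn noop_raw_waker() -> RawWaker {
    RawWaker::new(std::ptr::null(), &NOOP_VTABLE)
}

/// Sound shape (assumed for this example): the waker lives in a process-wide
/// static, so the returned `'static` lifetime is true for every thread.
pub fn noop_waker_ref() -> &'static Waker {
    static NOOP_WAKER: OnceLock<Waker> = OnceLock::new();
    // SAFETY: the vtable functions ignore the data pointer and are thread-safe.
    NOOP_WAKER.get_or_init(|| unsafe { Waker::from_raw(noop_raw_waker()) })
}

// By contrast, safe code cannot build the thread-local variant:
// `LocalKey::with` only lends the value for the duration of its closure, so
// handing out `&'static Waker` from a `thread_local!` needs an `unsafe`
// lifetime extension, and that is where the `'static` claim stops being true.

/// Obtains the reference on a worker thread, lets that thread exit, then uses
/// the reference from the calling thread.
pub fn use_after_thread_exit() -> (bool, Poll<u8>) {
    // `&'static Waker` is `Send` because `Waker` is `Sync`, so the compiler
    // accepts returning it from the spawned thread.
    let from_worker: &'static Waker = thread::spawn(noop_waker_ref)
        .join()
        .expect("worker thread panicked");

    // The worker has exited; every use below happens on the calling thread.
    from_worker.wake_by_ref();
    from_worker.clone().wake();

    // Both threads see the same object in static storage.
    let same_object = std::ptr::eq(from_worker, noop_waker_ref());

    let mut cx = Context::from_waker(from_worker);
    let mut fut = std::future::ready(7u8);
    let polled = Pin::new(&mut fut).poll(&mut cx);
    (same_object, polled)
}

fn main() {
    let (same_object, polled) = use_after_thread_exit();
    println!("same static waker: {same_object}, poll result: {polled:?}");
}
```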
Impact
Successful exploitation results in a denial of service (application crash) due to a segfault. The vulnerability has a CVSS 3.1 base score of 5.5 (Medium) with an availability impact of High, while confidentiality and integrity are unaffected [1][2]. No code execution or privilege escalation is possible.
Mitigation
The issue is fixed in futures-task version 0.3.5 and later. Users should update their dependencies to at least 0.3.5 [1]. The RustSec advisory lists the patched version and provides additional references [1]. Affected versions include all releases before 0.3.5.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| futures-task (crates.io) | < 0.3.5 | 0.3.5 |
Affected products
- Rust/futures-task (description)
Patches
24 files changed · +87 −70
CHANGELOG.md+17 −0 modified@@ -1,3 +1,20 @@ +# 0.3.5 - 2020-05-08 +* Added `StreamExt::flat_map`. +* Added `StreamExt::ready_chunks`. +* Added `*_unpin` methods to `SinkExt`. +* Added a `cancellation()` future to `oneshot::Sender`. +* Added `reunite` method to `ReadHalf` and `WriteHalf`. +* Added `Extend` implementations for `Futures(Un)Ordered` and `SelectAll`. +* Added support for reexporting the `join!` and `select!` macros. +* Added `no_std` support for the `pending!` and `poll!` macros. +* Added `Send` and `Sync` support for `AssertUnmoved`. +* Fixed a bug where `Shared` wasn't relinquishing control to the executor. +* Removed the `Send` bound on the output of `RemoteHandle`. +* Relaxed bounds on `FuturesUnordered`. +* Reorganized internal tests to work under different `--feature`s. +* Reorganized the bounds on `StreamExt::forward`. +* Removed and replaced a large amount of internal `unsafe`. + # 0.3.4 - 2020-02-06 * Fixed missing `Drop` for `UnboundedReceiver` (#2064)
examples/functional/Cargo.toml+3 −3 modified@@ -1,14 +1,14 @@ [package] name = "futures-example-functional" edition = "2018" -version = "0.3.0" +version = "0.3.5" authors = ["Alex Crichton <alex@alexcrichton.com>"] license = "MIT OR Apache-2.0" readme = "../README.md" keywords = ["futures", "async", "future"] repository = "https://github.com/rust-lang/futures-rs" homepage = "https://rust-lang.github.io/futures-rs" -documentation = "https://docs.rs/futures/0.3.0" +documentation = "https://docs.rs/futures/0.3.5" description = """ An implementation of futures and streams featuring zero allocations, composability, and iterator-like interfaces. @@ -17,4 +17,4 @@ categories = ["asynchronous"] publish = false [dependencies] -futures = { path = "../../futures", version = "0.3.0", features = ["thread-pool"] } +futures = { path = "../../futures", version = "0.3.5", features = ["thread-pool"] }
examples/imperative/Cargo.toml+3 −3 modified@@ -1,14 +1,14 @@ [package] name = "futures-example-imperative" edition = "2018" -version = "0.3.0" +version = "0.3.5" authors = ["Alex Crichton <alex@alexcrichton.com>"] license = "MIT OR Apache-2.0" readme = "../README.md" keywords = ["futures", "async", "future"] repository = "https://github.com/rust-lang/futures-rs" homepage = "https://rust-lang.github.io/futures-rs" -documentation = "https://docs.rs/futures/0.3.0" +documentation = "https://docs.rs/futures/0.3.5" description = """ An implementation of futures and streams featuring zero allocations, composability, and iterator-like interfaces. @@ -17,4 +17,4 @@ categories = ["asynchronous"] publish = false [dependencies] -futures = { path = "../../futures", version = "0.3.0", features = ["thread-pool"] } +futures = { path = "../../futures", version = "0.3.5", features = ["thread-pool"] }
futures/Cargo.toml+11 −11 modified@@ -1,14 +1,14 @@ [package] name = "futures" edition = "2018" -version = "0.3.4" +version = "0.3.5" authors = ["Alex Crichton <alex@alexcrichton.com>"] license = "MIT OR Apache-2.0" readme = "../README.md" keywords = ["futures", "async", "future"] repository = "https://github.com/rust-lang/futures-rs" homepage = "https://rust-lang.github.io/futures-rs" -documentation = "https://docs.rs/futures/0.3.0" +documentation = "https://docs.rs/futures/0.3.5" description = """ An implementation of futures and streams featuring zero allocations, composability, and iterator-like interfaces. 
@@ -19,18 +19,18 @@ categories = ["asynchronous"] travis-ci = { repository = "rust-lang/futures-rs" } [dependencies] -futures-core = { path = "../futures-core", version = "0.3.4", default-features = false } -futures-task = { path = "../futures-task", version = "0.3.4", default-features = false } -futures-channel = { path = "../futures-channel", version = "0.3.4", default-features = false, features = ["sink"] } -futures-executor = { path = "../futures-executor", version = "0.3.4", default-features = false, optional = true } -futures-io = { path = "../futures-io", version = "0.3.4", default-features = false } -futures-sink = { path = "../futures-sink", version = "0.3.4", default-features = false } -futures-util = { path = "../futures-util", version = "0.3.4", default-features = false, features = ["sink"] } +futures-core = { path = "../futures-core", version = "0.3.5", default-features = false } +futures-task = { path = "../futures-task", version = "0.3.5", default-features = false } +futures-channel = { path = "../futures-channel", version = "0.3.5", default-features = false, features = ["sink"] } +futures-executor = { path = "../futures-executor", version = "0.3.5", default-features = false, optional = true } +futures-io = { path = "../futures-io", version = "0.3.5", default-features = false } +futures-sink = { path = "../futures-sink", version = "0.3.5", default-features = false } +futures-util = { path = "../futures-util", version = "0.3.5", default-features = false, features = ["sink"] } [dev-dependencies] pin-utils = "0.1.0" -futures-executor = { path = "../futures-executor", version = "0.3.4", features = ["thread-pool"] } -futures-test = { path = "../futures-test", version = "0.3.4" } +futures-executor = { path = "../futures-executor", version = "0.3.5", features = ["thread-pool"] } +futures-test = { path = "../futures-test", version = "0.3.5" } tokio = "0.1.11" assert_matches = "1.3.0"
futures-channel/Cargo.toml+6 −6 modified@@ -1,12 +1,12 @@ [package] name = "futures-channel" edition = "2018" -version = "0.3.4" +version = "0.3.5" authors = ["Alex Crichton <alex@alexcrichton.com>"] license = "MIT OR Apache-2.0" repository = "https://github.com/rust-lang/futures-rs" homepage = "https://rust-lang.github.io/futures-rs" -documentation = "https://docs.rs/futures-channel/0.3.0" +documentation = "https://docs.rs/futures-channel/0.3.5" description = """ Channels for asynchronous communication using futures-rs. """ @@ -24,12 +24,12 @@ unstable = ["futures-core/unstable"] cfg-target-has-atomic = ["futures-core/cfg-target-has-atomic"] [dependencies] -futures-core = { path = "../futures-core", version = "0.3.4", default-features = false } -futures-sink = { path = "../futures-sink", version = "0.3.4", default-features = false, optional = true } +futures-core = { path = "../futures-core", version = "0.3.5", default-features = false } +futures-sink = { path = "../futures-sink", version = "0.3.5", default-features = false, optional = true } [dev-dependencies] -futures = { path = "../futures", version = "0.3.4", default-features = true } -futures-test = { path = "../futures-test", version = "0.3.4", default-features = true } +futures = { path = "../futures", version = "0.3.5", default-features = true } +futures-test = { path = "../futures-test", version = "0.3.5", default-features = true } [package.metadata.docs.rs] all-features = true
futures-channel/src/lib.rs+1 −1 modified@@ -17,7 +17,7 @@ #![doc(test(attr(deny(warnings), allow(dead_code, unused_assignments, unused_variables))))] -#![doc(html_root_url = "https://docs.rs/futures-channel/0.3.0")] +#![doc(html_root_url = "https://docs.rs/futures-channel/0.3.5")] #[cfg(all(feature = "cfg-target-has-atomic", not(feature = "unstable")))] compile_error!("The `cfg-target-has-atomic` feature requires the `unstable` feature as an explicit opt-in to unstable features");
futures-core/Cargo.toml+3 −3 modified@@ -1,12 +1,12 @@ [package] name = "futures-core" edition = "2018" -version = "0.3.4" +version = "0.3.5" authors = ["Alex Crichton <alex@alexcrichton.com>"] license = "MIT OR Apache-2.0" repository = "https://github.com/rust-lang/futures-rs" homepage = "https://rust-lang.github.io/futures-rs" -documentation = "https://docs.rs/futures-core/0.3.0" +documentation = "https://docs.rs/futures-core/0.3.5" description = """ The core traits and types in for the `futures` library. """ @@ -25,7 +25,7 @@ cfg-target-has-atomic = [] [dependencies] [dev-dependencies] -futures = { path = "../futures", version = "0.3.4" } +futures = { path = "../futures", version = "0.3.5" } [package.metadata.docs.rs] all-features = true
futures-core/src/lib.rs+1 −1 modified@@ -11,7 +11,7 @@ #![doc(test(attr(deny(warnings), allow(dead_code, unused_assignments, unused_variables))))] -#![doc(html_root_url = "https://docs.rs/futures-core/0.3.0")] +#![doc(html_root_url = "https://docs.rs/futures-core/0.3.5")] #[cfg(all(feature = "cfg-target-has-atomic", not(feature = "unstable")))] compile_error!("The `cfg-target-has-atomic` feature requires the `unstable` feature as an explicit opt-in to unstable features");
futures-executor/Cargo.toml+6 −6 modified@@ -1,12 +1,12 @@ [package] name = "futures-executor" edition = "2018" -version = "0.3.4" +version = "0.3.5" authors = ["Alex Crichton <alex@alexcrichton.com>"] license = "MIT OR Apache-2.0" repository = "https://github.com/rust-lang/futures-rs" homepage = "https://rust-lang.github.io/futures-rs" -documentation = "https://docs.rs/futures-executor/0.3.0" +documentation = "https://docs.rs/futures-executor/0.3.5" description = """ Executors for asynchronous tasks based on the futures-rs library. """ @@ -17,13 +17,13 @@ std = ["futures-core/std", "futures-task/std", "futures-util/std"] thread-pool = ["std", "num_cpus"] [dependencies] -futures-core = { path = "../futures-core", version = "0.3.4", default-features = false } -futures-task = { path = "../futures-task", version = "0.3.4", default-features = false } -futures-util = { path = "../futures-util", version = "0.3.4", default-features = false } +futures-core = { path = "../futures-core", version = "0.3.5", default-features = false } +futures-task = { path = "../futures-task", version = "0.3.5", default-features = false } +futures-util = { path = "../futures-util", version = "0.3.5", default-features = false } num_cpus = { version = "1.8.0", optional = true } [dev-dependencies] -futures = { path = "../futures", version = "0.3.4" } +futures = { path = "../futures", version = "0.3.5" } [package.metadata.docs.rs] all-features = true
futures-executor/src/lib.rs+1 −1 modified@@ -12,7 +12,7 @@ #![doc(test(attr(deny(warnings), allow(dead_code, unused_assignments, unused_variables))))] -#![doc(html_root_url = "https://docs.rs/futures-executor/0.3.0")] +#![doc(html_root_url = "https://docs.rs/futures-executor/0.3.5")] #[cfg(feature = "std")] mod local_pool;
futures-io/Cargo.toml+2 −2 modified@@ -1,12 +1,12 @@ [package] name = "futures-io" edition = "2018" -version = "0.3.4" +version = "0.3.5" authors = ["Alex Crichton <alex@alexcrichton.com>"] license = "MIT OR Apache-2.0" repository = "https://github.com/rust-lang/futures-rs" homepage = "https://rust-lang.github.io/futures-rs" -documentation = "https://docs.rs/futures-io/0.3.0" +documentation = "https://docs.rs/futures-io/0.3.5" description = """ The `AsyncRead`, `AsyncWrite`, `AsyncSeek`, and `AsyncBufRead` traits for the futures-rs library. """
futures-io/src/lib.rs+1 −1 modified@@ -19,7 +19,7 @@ #![doc(test(attr(deny(warnings), allow(dead_code, unused_assignments, unused_variables))))] -#![doc(html_root_url = "https://docs.rs/futures-io/0.3.0")] +#![doc(html_root_url = "https://docs.rs/futures-io/0.3.5")] #[cfg(all(feature = "read-initializer", not(feature = "unstable")))] compile_error!("The `read-initializer` feature requires the `unstable` feature as an explicit opt-in to unstable features");
futures-macro/Cargo.toml+2 −2 modified@@ -1,12 +1,12 @@ [package] name = "futures-macro" edition = "2018" -version = "0.3.4" +version = "0.3.5" authors = ["Taylor Cramer <cramertj@google.com>", "Taiki Endo <te316e89@gmail.com>"] license = "MIT OR Apache-2.0" repository = "https://github.com/rust-lang/futures-rs" homepage = "https://rust-lang.github.io/futures-rs" -documentation = "https://docs.rs/futures-macro/0.3.0" +documentation = "https://docs.rs/futures-macro/0.3.5" description = """ The futures-rs procedural macro implementations. """
futures-macro/src/lib.rs+1 −1 modified@@ -8,7 +8,7 @@ #![doc(test(attr(deny(warnings), allow(dead_code, unused_assignments, unused_variables))))] -#![doc(html_root_url = "https://docs.rs/futures-join-macro/0.3.0")] +#![doc(html_root_url = "https://docs.rs/futures-join-macro/0.3.5")] // Since https://github.com/rust-lang/cargo/pull/7700 `proc_macro` is part of the prelude for // proc-macro crates, but to support older compilers we still need this explicit `extern crate`.
futures-sink/Cargo.toml+2 −2 modified@@ -1,12 +1,12 @@ [package] name = "futures-sink" edition = "2018" -version = "0.3.4" +version = "0.3.5" authors = ["Alex Crichton <alex@alexcrichton.com>"] license = "MIT OR Apache-2.0" repository = "https://github.com/rust-lang/futures-rs" homepage = "https://rust-lang.github.io/futures-rs" -documentation = "https://docs.rs/futures-sink/0.3.0" +documentation = "https://docs.rs/futures-sink/0.3.5" description = """ The asynchronous `Sink` trait for the futures-rs library. """
futures-sink/src/lib.rs+1 −1 modified@@ -11,7 +11,7 @@ #![doc(test(attr(deny(warnings), allow(dead_code, unused_assignments, unused_variables))))] -#![doc(html_root_url = "https://docs.rs/futures-sink/0.3.0")] +#![doc(html_root_url = "https://docs.rs/futures-sink/0.3.5")] #[cfg(feature = "alloc")] extern crate alloc;
futures/src/lib.rs+1 −1 modified@@ -90,7 +90,7 @@ #![doc(test(attr(deny(warnings), allow(dead_code, unused_assignments, unused_variables))))] -#![doc(html_root_url = "https://docs.rs/futures/0.3.0")] +#![doc(html_root_url = "https://docs.rs/futures/0.3.5")] #[cfg(all(feature = "cfg-target-has-atomic", not(feature = "unstable")))] compile_error!("The `cfg-target-has-atomic` feature requires the `unstable` feature as an explicit opt-in to unstable features");
futures-task/Cargo.toml+3 −3 modified@@ -1,12 +1,12 @@ [package] name = "futures-task" edition = "2018" -version = "0.3.4" +version = "0.3.5" authors = ["Alex Crichton <alex@alexcrichton.com>"] license = "MIT OR Apache-2.0" repository = "https://github.com/rust-lang/futures-rs" homepage = "https://rust-lang.github.io/futures-rs" -documentation = "https://rust-lang.github.io/futures-api-docs/0.3.0-alpha.18/futures_core" +documentation = "https://docs.rs/futures-task/0.3.5" description = """ Tools for working with tasks. """ @@ -26,7 +26,7 @@ cfg-target-has-atomic = [] once_cell = { version = "1.3.1", default-features = false, features = ["std"], optional = true } [dev-dependencies] -futures = { path = "../futures", version = "0.3.4" } +futures = { path = "../futures", version = "0.3.5" } [package.metadata.docs.rs] all-features = true
futures-task/src/lib.rs+1 −1 modified@@ -11,7 +11,7 @@ #![doc(test(attr(deny(warnings), allow(dead_code, unused_assignments, unused_variables))))] -#![doc(html_root_url = "https://docs.rs/futures-task/0.3.0")] +#![doc(html_root_url = "https://docs.rs/futures-task/0.3.5")] #[cfg(all(feature = "cfg-target-has-atomic", not(feature = "unstable")))] compile_error!("The `cfg-target-has-atomic` feature requires the `unstable` feature as an explicit opt-in to unstable features");
futures-test/Cargo.toml+8 −8 modified@@ -1,27 +1,27 @@ [package] name = "futures-test" edition = "2018" -version = "0.3.4" +version = "0.3.5" authors = ["Wim Looman <wim@nemo157.com>"] license = "MIT OR Apache-2.0" repository = "https://github.com/rust-lang/futures-rs" homepage = "https://rust-lang.github.io/futures-rs" -documentation = "https://docs.rs/futures-test/0.3.0" +documentation = "https://docs.rs/futures-test/0.3.5" description = """ Common utilities for testing components built off futures-rs. """ [dependencies] -futures-core = { version = "0.3.4", path = "../futures-core", default-features = false } -futures-task = { version = "0.3.4", path = "../futures-task", default-features = false } -futures-io = { version = "0.3.4", path = "../futures-io", default-features = false } -futures-util = { version = "0.3.4", path = "../futures-util", default-features = false } -futures-executor = { version = "0.3.4", path = "../futures-executor", default-features = false } +futures-core = { version = "0.3.5", path = "../futures-core", default-features = false } +futures-task = { version = "0.3.5", path = "../futures-task", default-features = false } +futures-io = { version = "0.3.5", path = "../futures-io", default-features = false } +futures-util = { version = "0.3.5", path = "../futures-util", default-features = false } +futures-executor = { version = "0.3.5", path = "../futures-executor", default-features = false } pin-utils = { version = "0.1.0", default-features = false } once_cell = { version = "1.3.1", default-features = false, features = ["std"], optional = true } [dev-dependencies] -futures = { version = "0.3.4", path = "../futures", default-features = false, features = ["std", "executor"] } +futures = { version = "0.3.5", path = "../futures", default-features = false, features = ["std", "executor"] } [features] default = ["std"]
futures-test/src/lib.rs+1 −1 modified@@ -7,7 +7,7 @@ #![doc(test(attr(deny(warnings), allow(dead_code, unused_assignments, unused_variables))))] -#![doc(html_root_url = "https://docs.rs/futures-test/0.3.0")] +#![doc(html_root_url = "https://docs.rs/futures-test/0.3.5")] #[cfg(not(feature = "std"))] compile_error!("`futures-test` must have the `std` feature activated, this is a default-active feature");
futures-util/Cargo.toml+10 −10 modified@@ -1,12 +1,12 @@ [package] name = "futures-util" edition = "2018" -version = "0.3.4" +version = "0.3.5" authors = ["Alex Crichton <alex@alexcrichton.com>"] license = "MIT OR Apache-2.0" repository = "https://github.com/rust-lang/futures-rs" homepage = "https://rust-lang.github.io/futures-rs" -documentation = "https://docs.rs/futures-util/0.3.0" +documentation = "https://docs.rs/futures-util/0.3.5" description = """ Common utilities and extension traits for the futures-rs library. """ 
@@ -33,12 +33,12 @@ read-initializer = ["io", "futures-io/read-initializer", "futures-io/unstable"] write-all-vectored = ["io"] [dependencies] -futures-core = { path = "../futures-core", version = "0.3.4", default-features = false } -futures-task = { path = "../futures-task", version = "0.3.4", default-features = false } -futures-channel = { path = "../futures-channel", version = "0.3.4", default-features = false, features = ["std"], optional = true } -futures-io = { path = "../futures-io", version = "0.3.4", default-features = false, features = ["std"], optional = true } -futures-sink = { path = "../futures-sink", version = "0.3.4", default-features = false, optional = true } -futures-macro = { path = "../futures-macro", version = "0.3.4", default-features = false, optional = true } +futures-core = { path = "../futures-core", version = "0.3.5", default-features = false } +futures-task = { path = "../futures-task", version = "0.3.5", default-features = false } +futures-channel = { path = "../futures-channel", version = "0.3.5", default-features = false, features = ["std"], optional = true } +futures-io = { path = "../futures-io", version = "0.3.5", default-features = false, features = ["std"], optional = true } +futures-sink = { path = "../futures-sink", version = "0.3.5", default-features = false, optional = true } +futures-macro = { path = "../futures-macro", version = "0.3.5", default-features = false, optional = true } proc-macro-hack = { version = "0.5.9", optional = true } proc-macro-nested = { version = "0.1.2", optional = true } slab = { version = "0.4.2", optional = true } 
@@ -49,8 +49,8 @@ pin-utils = "0.1.0" pin-project = "0.4.8" [dev-dependencies] -futures = { path = "../futures", version = "0.3.4", features = ["async-await", "thread-pool"] } -futures-test = { path = "../futures-test", version = "0.3.4" } +futures = { path = "../futures", version = "0.3.5", features = ["async-await", "thread-pool"] } +futures-test = { path = "../futures-test", version = "0.3.5" } tokio = "0.1.11" [package.metadata.docs.rs]
futures-util/src/lib.rs+1 −1 modified@@ -16,7 +16,7 @@ #![doc(test(attr(deny(warnings), allow(dead_code, unused_assignments, unused_variables))))] -#![doc(html_root_url = "https://docs.rs/futures-util/0.3.0")] +#![doc(html_root_url = "https://docs.rs/futures-util/0.3.5")] #[cfg(all(feature = "cfg-target-has-atomic", not(feature = "unstable")))] compile_error!("The `cfg-target-has-atomic` feature requires the `unstable` feature as an explicit opt-in to unstable features");
README.md+1 −1 modified@@ -58,7 +58,7 @@ a `#[no_std]` environment, use: ```toml [dependencies] -futures = { version = "0.3.4", default-features = false } +futures = { version = "0.3.5", default-features = false } ``` # License
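Review bot: the 0.3.5 entry added to CHANGELOG.md has no line for `noop_waker_ref`; the closest item is "Removed and replaced a large amount of internal `unsafe`", which does not tell a user that this release addresses a soundness bug. Add an explicit entry naming `futures_task::noop_waker_ref` so that anyone reading the changelog can see the upgrade is security-relevant.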
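Review bot: in futures-macro/src/lib.rs the bumped `html_root_url` still points at `https://docs.rs/futures-join-macro/0.3.5`, while futures-macro/Cargo.toml in the same commit sets `documentation = "https://docs.rs/futures-macro/0.3.5"`. The crate name in the two URLs should agree; change the attribute to the `futures-macro` path.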
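Review bot: in futures-task/src/lib.rs the only changed line is the `html_root_url` version string, and no hunk in this commit touches `noop_waker_ref`. As the patch reference for this CVE, the release bump should be accompanied by a link to the commit that changed that function, since this diff gives nothing to review for the fix itself.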
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-p9m5-3hj7-cp5r (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-35907 (ghsa, ADVISORY)
- github.com/rust-lang/futures-rs/issues/2091 (ghsa, WEB)
- rustsec.org/advisories/RUSTSEC-2020-0061.html (ghsa, x_refsource_MISC, WEB)