VYPR
High severity · NVD Advisory · Published Jan 22, 2021 · Updated Aug 4, 2024

CVE-2020-36207

Description

The aovec crate for Rust allowed data races and memory corruption because Aovec lacked bounds on its Send and Sync traits.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability Description

The aovec crate (through 2020-12-10) for Rust defined Aovec as a vector type that unconditionally implements the Send and Sync traits for all types T [1][2]. This means that even non-Send types like Rc (reference-counted pointer) and non-Sync types like Cell (interior mutability) were considered safe to transfer and share across threads, which is incorrect [2]. The lack of proper trait bounds on Aovec violates Rust's thread-safety guarantees [1].
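The defect described above, as an added example that is not aovec's source and does not come from the advisory. `AppendVec`, `fill_from_threads` and the chosen bounds are assumptions for illustration; the unbounded impls appear only as comments beside a bounded form.

```rust
use std::sync::{Arc, Mutex};
use std::thread;

// Hypothetical stand-in for an append-only vector; NOT aovec's actual source.
// Raw pointers stop the compiler deriving Send/Sync, so they are hand-written.
pub struct AppendVec<T> {
    slots: Mutex<Vec<*mut T>>,
}

// Pattern the advisory describes (unsound, left commented out): no bounds, so
// AppendVec<Rc<_>> or AppendVec<Cell<_>> would be accepted across threads.
//   unsafe impl<T> Send for AppendVec<T> {}
//   unsafe impl<T> Sync for AppendVec<T> {}

// Bounded form (assumed fix): push(&self) lets one thread hand a T to another
// (needs T: Send); get() shares &T between threads (needs T: Sync).
unsafe impl<T: Send> Send for AppendVec<T> {}
unsafe impl<T: Send + Sync> Sync for AppendVec<T> {}

impl<T> AppendVec<T> {
    pub fn new() -> Self { AppendVec { slots: Mutex::new(Vec::new()) } }
    pub fn push(&self, value: T) -> usize {
        let mut slots = self.slots.lock().unwrap();
        slots.push(Box::into_raw(Box::new(value)));
        slots.len() - 1
    }
    pub fn get(&self, index: usize) -> Option<&T> {
        let ptr = *self.slots.lock().unwrap().get(index)?;
        // Boxed items are never freed or moved before Drop, so &T outlives the lock.
        Some(unsafe { &*ptr })
    }
}

impl<T> Drop for AppendVec<T> {
    fn drop(&mut self) {
        self.slots.get_mut().unwrap().drain(..).for_each(|p| unsafe { drop(Box::from_raw(p)) });
    }
}

// Several writers share one vector; this compiles only because u64 is Send + Sync.
// Returns the sum of every value read back after the writers have joined.
pub fn fill_from_threads(threads: u64, per_thread: u64) -> u64 {
    let shared = Arc::new(AppendVec::<u64>::new());
    let handles: Vec<_> = (0..threads).map(|t| {
        let v = Arc::clone(&shared);
        thread::spawn(move || (0..per_thread).for_each(|i| { v.push(t * per_thread + i); }))
    }).collect();
    handles.into_iter().for_each(|h| h.join().unwrap());
    (0..).map_while(|i| shared.get(i)).sum()
}
```

With the bounded impls, replacing `u64` with an `Rc` in `fill_from_threads` is rejected at compile time because the `Arc<AppendVec<_>>` captured by `thread::spawn` is no longer `Send`.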

Exploitation Conditions

To exploit this vulnerability, an attacker would need to introduce a non-Send or non-Sync type into an Aovec and then use the object across multiple threads [2]. Because Aovec advertises itself as thread-safe for any T, a programmer (or a malicious dependency) can create a data race accidentally or deliberately [2]. The attack requires access to the local system and low privileges, but the attack complexity is high [2].

Impact

Exploitation leads to undefined behavior including data races and memory corruption [1][2]. This can potentially result in information disclosure, integrity compromise, or denial of service — the CVSS v3.1 score is 7.0 HIGH with impacts on confidentiality, integrity, and availability all rated as HIGH [2].

Mitigation Status

As of the advisory publication, there is no patched version of the aovec crate [2]. The crate appears to be unmaintained; users should avoid using it or ensure that only Send + Sync types are placed into Aovec [2]. The vulnerability is tracked in the RustSec Advisory Database as RUSTSEC-2020-0099 [2].

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package             Affected versions   Patched versions
aovec (crates.io)   <= 1.1.0            (none)

Patches

0

No patches discovered yet.
