VYPR
High severity · NVD Advisory · Published Aug 8, 2021 · Updated Aug 4, 2024

CVE-2020-36448


Description

An issue was discovered in the cache crate through 2020-11-24 for Rust. There are unconditional implementations of Send and Sync for Cache.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Rust `cache` crate unconditionally implements `Send` and `Sync` for `Cache`, allowing safe Rust code to trigger undefined behavior and memory corruption.

Vulnerability

The cache crate (versions up to 2020-11-24) unconditionally implements the Send and Sync traits for Cache without requiring the key type K to be Send or Sync [1][2]. This violates Rust's safety guarantees because it allows a Cache to be sent across threads or shared via references even when K is not thread-safe, enabling data races and memory corruption.
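The unconditional impls beside a bounded form, as an added example that is not the cache crate's own code: `UnsoundCache`, `BoundedCache`, the `slot` field and the `implements!` probe are hypothetical stand-ins, and the `K: Send` / `K: Sync` bounds are an assumed fix, since the advisory lists no patch.

```rust
use std::marker::PhantomData;
use std::rc::Rc;

// Hypothetical stand-in for the flawed pattern. The raw pointer makes the type
// !Send and !Sync by default; the two impls opt back in for every K.
#[allow(dead_code)]
struct UnsoundCache<K> { slot: *mut K }
unsafe impl<K> Send for UnsoundCache<K> {}
unsafe impl<K> Sync for UnsoundCache<K> {}

// Bounded form (assumed fix): thread-safety is inherited from the key type.
#[allow(dead_code)]
struct BoundedCache<K> { slot: *mut K }
unsafe impl<K: Send> Send for BoundedCache<K> {}
unsafe impl<K: Sync> Sync for BoundedCache<K> {}

// Compile-time probe: the inherent const is chosen only when the bound holds,
// otherwise resolution falls back to the blanket trait's `false`.
macro_rules! implements {
    ($ty:ty: $tr:ident) => {{
        trait Fallback { const YES: bool = false; }
        impl<T: ?Sized> Fallback for T {}
        struct Probe<T: ?Sized>(PhantomData<T>);
        impl<T: ?Sized + $tr> Probe<T> { const YES: bool = true; }
        <Probe<$ty>>::YES
    }};
}

// Each function returns (is Send, is Sync) for one cache/key combination.
fn unsound_with_rc_key() -> (bool, bool) {
    (implements!(UnsoundCache<Rc<str>>: Send), implements!(UnsoundCache<Rc<str>>: Sync))
}
fn bounded_with_rc_key() -> (bool, bool) {
    (implements!(BoundedCache<Rc<str>>: Send), implements!(BoundedCache<Rc<str>>: Sync))
}
fn bounded_with_string_key() -> (bool, bool) {
    (implements!(BoundedCache<String>: Send), implements!(BoundedCache<String>: Sync))
}

fn main() {
    println!("unconditional impls, Rc key: {:?}", unsound_with_rc_key());
    println!("bounded impls, Rc key:       {:?}", bounded_with_rc_key());
    println!("bounded impls, String key:   {:?}", bounded_with_string_key());
}
```

With the bounded impls, passing a cache keyed by `Rc` to another thread is rejected at compile time, which is the check the unconditional impls bypass.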

Exploitation

An attacker does not need special network access; exploitation occurs when a developer uses the cache crate with a key type K that is not Send or Sync. By constructing a Cache with such a key and then sending it to another thread or sharing it, the attacker can trigger undefined behavior. The attack complexity is high because it requires the developer to use a non-thread-safe key type and the specific code path that transfers the cache across threads [2].

Impact

Successful exploitation can lead to memory corruption, data races, and potentially arbitrary code execution. The CVSS score is 8.1 (High) with impacts on confidentiality, integrity, and availability [2]. The attacker can achieve high impact on all three CIA pillars, but the attack complexity is high.

Mitigation

As of the advisory publication, there are no patched versions of the cache crate [2]. The crate appears to be unmaintained; users should avoid using it with non-thread-safe key types or migrate to an alternative caching library. No workaround is provided in the references.

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| cache (crates.io) | <= 0.2.0 | |

Affected products

2

Patches

0

No patches discovered yet.


References

5
