CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Description
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Related attack patterns (CAPEC)
CAPEC-26 · CAPEC-29
CVEs mapped to this weakness (1,091)
Page 37 of 55

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2020-36455 | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the slock crate through 2020-11-17 for Rust. Slock unconditionally implements Send and Sync. |
| CVE-2020-36456 | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the toolshed crate through 2020-11-15 for Rust. In CopyCell, the Send trait lacks bounds on the contained type. |
| CVE-2020-36457 | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the lever crate before 0.1.1 for Rust. AtomicBox implements the Send and Sync traits for all types T. |
| CVE-2020-36458 | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the lexer crate through 2020-11-10 for Rust. For ReaderResult<T, E>, there is an implementation of Sync with a trait bound of T: Send, E: Send. |
| CVE-2020-36459 | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the dces crate through 2020-12-09 for Rust. The World type is marked as Send but lacks bounds on its EntityStore and ComponentStore. |
| CVE-2020-36460 | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type. |
| CVE-2020-36461 | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the noise_search crate through 2020-12-10 for Rust. There are unconditional implementations of Send and Sync for MvccRwLock. |
| CVE-2020-36462 | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the syncpool crate before 0.1.6 for Rust. There is an unconditional implementation of Send for Bucket2. |
| CVE-2020-36463 | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the multiqueue crate through 2020-12-25 for Rust. There are unconditional implementations of Send for InnerSend<RW, T>, InnerRecv<RW, T>, FutInnerSend<RW, T>, and FutInnerRecv<RW, T>. |
| CVE-2020-36466 | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types. |
| CVE-2020-36469 | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the appendix crate through 2020-11-15 for Rust. For the generic K and V type parameters, Send and Sync are implemented unconditionally. |
| CVE-2020-36470 | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the disrustor crate through 2020-12-17 for Rust. RingBuffer does not properly limit the number of mutable references. |
| CVE-2020-36471 | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the generator crate before 0.7.0 for Rust. It does not ensure that a function (for yielding values) has Send bounds. |
| CVE-2020-36472 | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the max7301 crate before 0.2.0 for Rust. The ImmediateIO and TransactionalIO types implement Sync for all Expander types that they contain. |
| CVE-2021-38191 | 0.00 | — | 0.01 | Aug 8, 2021 | An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread. |
| CVE-2021-32810 | 0.00 | — | 0.02 | Aug 2, 2021 | crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are… |
| CVE-2021-30465 | 0.00 | — | 0.07 | May 27, 2021 | runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on… |
| CVE-2020-15522 | 0.00 | — | 0.02 | May 20, 2021 | Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the… |
| CVE-2021-28037 | 0.00 | — | 0.01 | Mar 5, 2021 | An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern. |
| CVE-2020-36203 | 0.00 | — | 0.00 | Jan 22, 2021 | An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption. |