CVE-2021-45710 — Race Condition in Tokio

CWE-362 — Race Condition7 documents5 sources

Severity

8.1HIGHNVD

EPSS

0.2%

top 58.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tokio Debian Rust-tokio

Timeline

PublishedDec 27

Latest updateJan 6

Description

An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/rust-tokio< rust-tokio 1.15.0-1 (bookworm)

▶NVDtokio/tokio0.1.14 — 1.8.4+1

▶crates.iotokio/tokio0.1.14 — 1.8.4+1

Patches

Patch: rustsec.org ↗Patch: rustsec.org ↗

🔴Vulnerability Details

OSV

Race Condition in tokio↗2022-01-06

▶

GHSA

Race Condition in tokio↗2022-01-06

▶

OSV

CVE-2021-45710: An issue was discovered in the tokio crate before 1↗2021-12-27

▶

OSV

Data race when sending and receiving after closing a `oneshot` channel↗2021-11-16

▶

📋Vendor Advisories

Red Hat

tokio: Race leads to panic in oneshot::Sender::send()↗2021-12-27

▶

Debian

CVE-2021-45710: rust-tokio - An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13....↗2021

▶