Rust Crates.io Security Advisory
Affected versions can run the
Drop impl of a non-Send type on a different
thread than it was created on.
The flaw occurs when a stderr write performed by the
threadalone crate fails,
for example because stderr is redirected to a location on a filesystem that is
full, or because stderr is a pipe that has been closed by the reader.
Dropping a non-Send type on the wrong thread is unsound. If used with a type
such as a pthread-based
MutexGuard, the consequence is undefined
behavior. If used with
Rc, there would be a data race on the
reference count, which is likewise undefined behavior.
Advisory available under CC0-1.0