Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseRUSTSEC-2022-0008
RUSTSEC-2022-0008:
Rust vulnerability analysis and mitigation
Overview
The vulnerability RUSTSEC-2022-0008 was identified in the TypedEventHandler implementation within the windows-rs crate. The issue relates to unsound behavior in handling thread-safe operations, where the crate incorrectly allows safe code to send non-Send types across thread boundaries (GitHub Issue).
Technical details
The vulnerability stems from the TypedEventHandler::new constructor implementation, which lacks proper thread safety bounds. Specifically, the FnMut closure used in the constructor does not enforce the Send trait bound, allowing potentially unsafe cross-thread operations. This becomes particularly problematic when used with methods like Direct3D11CaptureFramePool::CreateFreeThreaded, where callbacks run on worker threads (GitHub Issue).
Impact
The vulnerability could lead to undefined behavior in multi-threaded applications using the windows-rs crate, particularly when handling event callbacks across different threads. This could potentially result in memory safety violations and application crashes when non-thread-safe types are inadvertently shared between threads (GitHub Issue).
Additional resources
Source: This report was generated using AI
Related Rust vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management