CVE-2019-16137

HIGH

spin <0.5.2 - Memory Corruption

Title source: llm

Description

An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion.

References (1)

[Third Party Advisory] https://rustsec.org/advisories/RUSTSEC-2019-0013.html

Scores

CVSS v3 7.5

EPSS 0.0032

EPSS Percentile 55.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-662

Status published

Products (2)

crates.io/spin 0 - 0.5.2crates.io

spin-rs_project/spin-rs < 0.5.2

Published Sep 09, 2019

Tracked Since Feb 18, 2026