CVE-2020-35876: 
Rust vulnerability analysis and mitigation

An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information when a rio::Completion is leaked, as its drop code will not run. The drop code is responsible for waiting until the kernel completes the I/O operation into, or out of, the buffer borrowed by rio::Completion (RustSec).

The vulnerability occurs when a rio::Completion struct is leaked, preventing its drop code from executing. The drop code is critical as it waits for kernel I/O operations to complete on the borrowed buffer. Without proper execution of the drop code, the buffer can be accessed or dropped prematurely. This has a CVSS score of 9.8 (Critical), with attack vector being Network, low attack complexity, and no privileges or user interaction required (RustSec).

The vulnerability can lead to use-after-free conditions, data races, or the leaking of sensitive information. The impact is rated as High for Confidentiality, Integrity, and Availability according to the CVSS metrics (RustSec).

No patched versions are available as the upstream maintainers are not interested in fixing the issue. Users should consider alternative solutions or implement their own safeguards against buffer leaks (RustSec).