CVE-2020-36323: 
Alibaba Cloud Linux (Aliyun Linux) vulnerability analysis and mitigation

CVE-2020-36323 is a security vulnerability discovered in the Rust programming language's standard library affecting versions before 1.52.0. The vulnerability stems from an optimization in the string joining functionality that could potentially expose uninitialized bytes or cause program crashes if a borrowed string changes after its length is checked (NVD, MITRE).

The vulnerability exists in the joingenericcopy function of the Rust standard library. The issue occurs when the borrow result is first used for length calculation, and then the user-provided slice is borrowed again for content copying. If the borrowed string changes between these operations, it can lead to exposure of uninitialized memory or program crashes. The vulnerability received a CVSS v3.1 base score of 8.2 (High), with attack vector: Network, attack complexity: Low, privileges required: None, user interaction: None, scope: Unchanged, confidentiality: Low, integrity: None, and availability: High (Ubuntu).

The vulnerability can result in exposure of uninitialized bytes in memory or cause program crashes. Because Rust is statically linked, affected applications need to be rebuilt to benefit from the fixes. The actual security implications depend on how these APIs are used in each particular case (Fedora).

The vulnerability was fixed in Rust version 1.52.0. Users are advised to upgrade to this version or later. The fix was also backported to various Linux distributions including Fedora 32, 33, and 34 through security updates (Fedora).