CVE-2020-36434: 
Rust vulnerability analysis and mitigation

A vulnerability was discovered in the sys-info crate for Rust, identified as CVE-2020-36434. The issue affects versions before 0.8.0 and was discovered on May 31, 2020. The vulnerability involves a double-free condition that occurs when calling sysinfo::diskinfo functions (RustSec Advisory).

The vulnerability stems from the use of a static, global list to store temporary disk information during runtime. The cleanup function 'DFCleanup' incorrectly assumes a single-threaded environment, leading to attempts to free the same memory twice in multithreaded scenarios. This implementation flaw received a CVSS v3.1 base score of 9.8 (CRITICAL) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high severity across confidentiality, integrity, and availability impacts (NVD, RustSec Advisory).

The vulnerability results in consistent double-frees and segfaults when sysinfo::diskinfo is called from multiple threads simultaneously, potentially leading to memory corruption and application crashes (RustSec Advisory).

The vulnerability has been patched in version 0.8.0 of the sys-info crate by moving the global variable into a local scope. As an alternative, users are recommended to switch to the 'sysinfo' crate available on crates.io (RustSec Advisory).