CVE-2020-36439: 
Rust vulnerability analysis and mitigation

The vulnerability CVE-2020-36439 affects the ticketed_lock Rust crate, which was discovered on November 17, 2020. The issue involves the incorrect implementation of Send trait for ReadTicket and WriteTicket types, where these types were unconditionally marked as Send without proper bounds checking for the generic type T (RustSec Advisory).

The vulnerability stems from the ticketed_lock crate's implementation where ReadTicket and WriteTicket types were unconditionally implementing the Send trait without verifying if the underlying generic type T was Send-safe. This implementation flaw could allow non-Send types to be sent across thread boundaries. The vulnerability has a CVSS v3.1 base score of 8.1 (High), with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (RustSec Advisory).

The vulnerability can lead to data races by allowing the cloning of types with internal mutability and sending them to other threads as T of ReadTicket/WriteTicket. These data races can result in memory corruption or other undefined behavior, potentially compromising the integrity and security of the affected systems (RustSec Advisory).

The vulnerability was patched in version 0.3.0 of the ticketed_lock crate. The fix was implemented in commit a986a93 by adding T: Send bounds to Send implementations of ReadTicket/WriteTicket. Users are advised to upgrade to version 0.3.0 or later to address this vulnerability (RustSec Advisory).