CVE-2020-36452: 
Rust vulnerability analysis and mitigation

An issue was discovered in the array-tools crate before version 0.3.2 for Rust, where FixedCapacityDequeLike::clone() has a drop of uninitialized memory. The vulnerability was discovered on December 31, 2020, and affects the array-tools package on crates.io. This vulnerability has been assigned CVE-2020-36452 with a CVSS score of 9.8 (Critical) (RustSec Advisory).

The vulnerability occurs in the FixedCapacityDequeLike::clone() implementation where the crate doesn't properly guard against panics. When the user-provided T::clone() panics during the cloning operation, it results in a partially uninitialized buffer being dropped, leading to memory corruption. The vulnerability has been assigned a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating its critical severity with network attack vector, low attack complexity, and no required privileges or user interaction (RustSec Advisory).

The vulnerability can lead to memory corruption when the affected code path is triggered. Given the CVSS metrics, successful exploitation could result in high impact on confidentiality, integrity, and availability of the affected system (RustSec Advisory).

The vulnerability has been patched in version 0.3.2 of the array-tools crate. Users should upgrade to version 0.3.2 or later to address this security issue (RustSec Advisory).