CVE-2020-36464: 
Rust vulnerability analysis and mitigation

An issue was discovered in the heapless crate before version 0.6.1 for Rust, identified as CVE-2020-36464. The vulnerability was reported on November 2, 2020, and affects the IntoIter Clone implementation in the Vec iterator. This vulnerability has been classified as a memory corruption and memory exposure issue (RustSec Advisory, GitHub Advisory).

The vulnerability exists in the IntoIter Clone implementation which incorrectly clones the entire underlying Vec without considering whether it has been partially consumed. This implementation flaw can lead to use-after-free access when cloning a partially consumed iterator. The vulnerability has been assigned a CVSS v3.1 score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (RustSec Advisory).

When exploited, this vulnerability can result in use-after-free memory access, potentially leading to memory corruption and memory exposure. The CVSS scoring indicates high impact on system availability, though confidentiality and integrity impacts are not directly affected (RustSec Advisory).

The vulnerability has been patched in heapless version 0.6.1 and later. Users are advised to upgrade to version 0.6.1 or newer to address this security issue (RustSec Advisory).