CVE-2020-36466: 
Rust vulnerability analysis and mitigation

An issue was discovered in the cgc crate through 2020-12-10 for Rust. The vulnerability involves multiple soundness issues in the Ptr implementation, including unsafe thread handling, violation of mutable alias rules, and non-atomic pointer writes. The vulnerability was assigned CVE-2020-36466 and was reported on December 10, 2020 (RustSec).

The vulnerability has three main technical aspects: 1) The Ptr type incorrectly implements Send and Sync traits for all types, which can lead to data races when non-thread safe types are sent across threads, 2) The Ptr::get function violates Rust's mutable alias rules by returning multiple mutable references to the same object, and 3) Ptr::write performs non-atomic writes to the underlying pointer, potentially causing data races in multi-threaded contexts. The vulnerability has been assigned a CVSS score of 5.9 (Medium) with vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (RustSec).

The vulnerability can lead to memory corruption and data races in multi-threaded applications using the cgc crate. The primary impact is on application availability (High), while there are no direct impacts on confidentiality or integrity according to the CVSS scoring (RustSec).

As of the vulnerability disclosure, no patched versions of the crate are available (RustSec). Users should consider using alternative crates or implementing their own safe pointer handling mechanisms.