CVE-2020-36467: 
Rust vulnerability analysis and mitigation

An issue was discovered in the cgc crate through 2020-12-10 for Rust, where Ptr::get returns more than one mutable reference to the same object. This vulnerability was assigned CVE-2020-36467 and was reported on December 10, 2020. The vulnerability affects the cgc crate's Ptr implementation and has been assigned a CVSS v3.1 base score of 5.9 (Medium) (RUSTSEC Advisory).

The vulnerability stems from a violation of Rust's mutable alias rules in the Ptr::get implementation. The issue is part of multiple soundness problems in the Ptr implementation, where the function returns multiple mutable references to the same object, breaking Rust's fundamental memory safety guarantees. The vulnerability has been assigned a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating network vector accessibility with high attack complexity and potential high impact on availability (RUSTSEC Advisory).

The vulnerability can lead to memory corruption and potential data races when the affected code is used in concurrent contexts. The CVSS scoring indicates that while there is no direct impact on confidentiality or integrity, there is a high impact on system availability. This is particularly concerning as it breaks Rust's memory safety guarantees, which are fundamental to the language's security model (RUSTSEC Advisory).

As of the last available information, there are no patched versions available for this vulnerability. Users of the cgc crate should consider alternative implementations or carefully review their usage of the Ptr::get functionality to ensure it's not used in ways that could lead to memory corruption or data races (RUSTSEC Advisory).