CVE-2022-36086: 
Rust vulnerability analysis and mitigation

CVE-2022-36086 is a high-severity vulnerability affecting the linked-list-allocator Rust crate versions <=0.10.1. The vulnerability was discovered in September 2022 and involves potential out-of-bounds writes during heap initialization and extension operations. The issue affects all initialization functions on the Heap and LockedHeap types, including Heap::new, Heap::init, Heap::initfromslice, and LockedHeap::new, as well as multiple uses of the Heap::extend method (GitHub Advisory).

The vulnerability stems from multiple implementation flaws: 1) Heap initialization methods lacked minimum size checks for heap size arguments, potentially leading to out-of-bounds writes when initialized with size smaller than 3 * size_of::. 2) The Heap::extend method could cause out-of-bounds writes when called with sizes smaller than two usizes, when called on an empty heap, or when the heap size was not properly aligned. 3) Unaligned writes could occur when calling Heap::extend on a heap whose size is not a multiple of two usizes, leaving the heap in an unexpected state (GitHub Advisory).

The vulnerability could lead to out-of-bounds writes, which could potentially allow attackers to corrupt memory. This could result in undefined behavior, particularly on platforms that fault on unaligned writes. The issue affects all users of the linked-list-allocator crate versions 0.10.1 and earlier (GitHub Advisory).

The vulnerability has been patched in version 0.10.2 of the linked-list-allocator crate. The patch includes several fixes: initialization functions now panic if given size is insufficient, extend method panics on uninitialized heaps, small extend calls are buffered internally, and the size() method returns the usable heap size. As a workaround, users should ensure heap initialization size is larger than 3 size_of::, Heap::extend is called with sizes larger than 2 sizeof::(), and total heap size remains a multiple of 2 * sizeof::() (GitHub Advisory).