GHSA-p75v-367r-2v23: 
Rust vulnerability analysis and mitigation

The cell-project crate contained a critical vulnerability related to incorrect variance when projecting through &Cell<T>. The issue was discovered in versions prior to 0.1.4 and was fixed in version 0.1.4. The vulnerability stemmed from the cell_project macro's implementation which incorrectly used field as *const _ instead of field as *mut _, leading to unsound behavior due to relaxed variance constraints (GitHub Advisory, RustSec Advisory).

The technical issue arose because *const T is covariant in T while *mut T is invariant in T. Since &Cell is invariant in T, casting to *const T incorrectly relaxed the variance, resulting in undefined behavior. This was particularly problematic when dealing with self-referential types and Drop implementations. The issue was confirmed through MIRI testing, which revealed undefined behavior related to memory access and tag protection violations (GitHub Issue).

The vulnerability could lead to memory corruption and undefined behavior in Rust programs using the cell-project crate. The issue specifically affected programs that relied on the cell_project macro for projecting through &Cell, potentially causing unexpected behavior in memory management and type safety guarantees (GitHub Advisory).

The issue was resolved in version 0.1.4 of the cell-project crate. Users are advised to update to this version or later, which may result in compile errors for previously unsound usage patterns. The fix involved correcting the variance by using proper pointer types in the macro implementation (GitHub PR).

The vulnerability was discovered and reported by GitHub user SoniEx2, leading to discussions about maintenance and safety of the crate. The project maintainer acknowledged the issue and implemented the fix, while also committing to add MIRI tests to CI to prevent similar issues in the future (GitHub PR).