PT-2020-17647 · Rust · Cgc Crate
Published 2020-12-10 · Updated 2021-08-25 · CVE-2020-36466
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
cgc crate versions through 2020-12-10
Description
The issue concerns the Ptr implementation in the cgc crate, which implements Send and Sync for all types. This can lead to data races by sending non-thread-safe types across threads. Additionally, Ptr::get violates the mutable aliasing rules by returning multiple mutable references to the same object, and Ptr::write uses non-atomic writes to the underlying pointer, leading to potential data races when used across threads.
Recommendations
As a temporary workaround, consider disabling the Ptr implementation until a patch is available.
Restrict access to the Ptr::get and Ptr::write functions to minimize the risk of exploitation.
Avoid using the Ptr implementation across threads until the issue is resolved.
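The unbounded Send/Sync pattern from the description next to a bounded counterpart, as an added Rust example. It is not code from the cgc crate; UnsoundPtr, SoundPtr, is_send and parallel_count are hypothetical names chosen for illustration.

```rust
use std::rc::Rc;
use std::sync::{Arc, Mutex};

// Shape of the flaw described above (illustrative, not the cgc source):
// blanket impls assert thread safety for every T, including Rc and Cell.
#[allow(dead_code)]
pub struct UnsoundPtr<T>(*mut T);
unsafe impl<T> Send for UnsoundPtr<T> {}
unsafe impl<T> Sync for UnsoundPtr<T> {}

// Hypothetical hardened counterpart: thread safety is inherited from T.
pub struct SoundPtr<T>(*mut T);
unsafe impl<T: Send> Send for SoundPtr<T> {}
unsafe impl<T: Sync> Sync for SoundPtr<T> {}

impl<T> SoundPtr<T> {
    pub fn new(value: T) -> Self { SoundPtr(Box::into_raw(Box::new(value))) }
    // Shared access hands out only &T.
    pub fn get(&self) -> &T { unsafe { &*self.0 } }
    // &mut self lets the borrow checker enforce a single live &mut T.
    pub fn get_mut(&mut self) -> &mut T { unsafe { &mut *self.0 } }
    // Exclusive receiver: no other thread can hold the pointer during the write.
    pub fn write(&mut self, value: T) { unsafe { *self.0 = value } }
}
impl<T> Drop for SoundPtr<T> {
    fn drop(&mut self) { unsafe { drop(Box::from_raw(self.0)) } }
}
// Compile-time probe: the call only type-checks when P is Send.
pub fn is_send<P: Send>() -> bool { true }

// Cross-thread mutation goes through a Mutex, so every write is serialized.
pub fn parallel_count(threads: u64, per_thread: u64) -> u64 {
    let shared = Arc::new(Mutex::new(SoundPtr::new(0u64)));
    let handles: Vec<_> = (0..threads).map(|_| {
        let shared = Arc::clone(&shared);
        std::thread::spawn(move || for _ in 0..per_thread {
            *shared.lock().unwrap().get_mut() += 1;
        })
    }).collect();
    for h in handles { h.join().unwrap(); }
    let total = *shared.lock().unwrap().get();
    total
}

fn main() {
    println!("UnsoundPtr<Rc<u8>> is Send: {}", is_send::<UnsoundPtr<Rc<u8>>>());
    // is_send::<SoundPtr<Rc<u8>>>(); // rejected by rustc: Rc<u8> is not Send
    println!("count = {}", parallel_count(4, 10_000));
}
```

When auditing a dependency, an `unsafe impl<T> Send` or `unsafe impl<T> Sync` without a bound on T is the line to look for.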
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Race Condition
Related Identifiers
Affected Products
Cgc Crate