
CVE-2020-36467: Multiple soundness issues in cgc

CVSS Score: 5.9 (CVSS 3.1)

Basic Information

EPSS Score: 0.51056%
Published: 8/25/2021
Updated: 6/13/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| cgc | rust | <= 0.4.0 | |

Vulnerability Intelligence
Root Cause Analysis

  1. The Send/Sync implementations are explicitly shown in code snippets to be unconditional, violating thread safety requirements.
  2. Ptr::get's implementation of returning &mut T through raw pointer dereference directly creates multiple mutable aliases.
  3. Ptr::set's use of raw pointer write() without atomic operations is explicitly called out in vulnerability descriptions.
  4. All issues are corroborated by multiple sources including GitHub issue reproduction code and CVE descriptions.
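
The three issues above share one cause: thread-safety and aliasing guarantees were asserted without tying them to `T` or to exclusive access. The sketch below is an added example, not cgc's code; its `Ptr` is a hypothetical owning wrapper that bounds `Send`/`Sync` on `T` and requires `&mut self` for `&mut T` and for writes.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};
use std::thread;

// Hypothetical owning pointer wrapper; a stand-in, not cgc's source.
pub struct Ptr<T> { raw: *mut T }

// Unsound pattern from item 1, kept as comments only:
//   unsafe impl<T> Send for Ptr<T> {}
//   unsafe impl<T> Sync for Ptr<T> {}
// Bounded form: Ptr<T> is only as thread-safe as T itself.
unsafe impl<T: Send> Send for Ptr<T> {}
unsafe impl<T: Sync> Sync for Ptr<T> {}

impl<T> Ptr<T> {
    pub fn new(value: T) -> Self { Ptr { raw: Box::into_raw(Box::new(value)) } }
    // Shared access hands out only &T.
    pub fn get(&self) -> &T { unsafe { &*self.raw } }
    // &mut T needs &mut self, so two live mutable aliases cannot exist.
    pub fn get_mut(&mut self) -> &mut T { unsafe { &mut *self.raw } }
    pub fn set(&mut self, value: T) { *self.get_mut() = value; }
}

impl<T> Drop for Ptr<T> {
    fn drop(&mut self) { unsafe { drop(Box::from_raw(self.raw)) } }
}

// Shares one Ptr<AtomicUsize> by reference; compiles because AtomicUsize: Sync.
pub fn shared_count(threads: usize, per_thread: usize) -> usize {
    let p = Ptr::new(AtomicUsize::new(0));
    thread::scope(|s| {
        for _ in 0..threads {
            s.spawn(|| {
                for _ in 0..per_thread { p.get().fetch_add(1, Ordering::Relaxed); }
            });
        }
    });
    p.get().load(Ordering::Relaxed)
}

// Moves a Ptr<u64> into another thread; compiles because u64: Send.
pub fn moved_set(v: u64) -> u64 {
    let mut p = Ptr::new(0u64);
    thread::spawn(move || { p.set(v); *p.get() }).join().unwrap()
}

fn main() {
    // Ptr<std::rc::Rc<u8>> is neither Send nor Sync, so sharing it is a compile error.
    println!("{} {}", shared_count(4, 1000), moved_set(7));
}
```

With the unconditional impls restored, the same functions would also compile for `Ptr<Rc<_>>` or `Ptr<Cell<_>>`, which is the data-race path item 1 describes.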

WAF Protection Rules

WAF Rule

Affected versions of this crate have the following issues: 1. `Ptr` implements `Send` and `Sync` for all types, this can lead to data races by sending non-thread safe types across threads. 2. `Ptr::get` violates mutable alias rules by returning
