CVE-2020-36468: Non-atomic writes in cgc

CVSS Score: 5.9 (CVSS 3.1)

Basic Information

EPSS Score: 0.51056%
Published: 8/25/2021
Updated: 6/13/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name: cgc
Ecosystem: rust
Vulnerable Versions: <= 0.4.0
First Patched Version: (none listed)

Vulnerability Intelligence
Root Cause Analysis

  1. The Send/Sync implementations are explicitly shown in code snippets without trait bounds.
  2. Ptr::get's signature (&self -> &mut T) directly violates Rust's mutable reference uniqueness.
  3. Ptr::set's raw pointer write is non-atomic per vulnerability description.

All issues are confirmed by multiple sources including GitHub issue code examples and CVE descriptions.

WAF Protection Rules

WAF Rule

Multiple soundness issues in `Ptr` in cgc

Affected versions of this crate have the following issues:

  1. `Ptr` implements `Send` and `Sync` for all types, this can lead to data races by sending non-thread safe types across threads.
  2. `Ptr::**
