CVE-2020-36467
Description
An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The cgc crate's Ptr::get returns multiple mutable references to the same object, violating Rust's aliasing rules and enabling undefined behavior.
Vulnerability
The cgc crate (Copying Garbage Collector) through version 2020-12-10 contains a soundness bug in its Ptr type. The Ptr::get method, defined as pub fn get(&self) -> &mut T, takes an immutable reference to the pointer and returns a mutable reference to the underlying object [1][2]. This allows callers to create multiple mutable references to the same object by calling get() multiple times, which is undefined behavior under Rust's aliasing rules [3]. The issue affects all versions of the cgc crate up to and including the version published on 2020-12-10.
Exploitation
An attacker does not need network access or special privileges to trigger this vulnerability; any code using the Ptr type can exploit it. The concrete step is simply to call Ptr::get multiple times on the same Ptr instance to obtain multiple &mut T references to the same data [3]. The Rust compiler's borrow checker cannot detect this misuse because the function signatures are safe (not marked unsafe), but the implementation internally uses unsafe code (unsafe { &mut *self.0 }) [3]. This makes the vulnerability exploitable from safe Rust code.
Impact
By obtaining multiple mutable references to the same object, an attacker can cause memory corruption, data races, and other forms of undefined behavior [2][3]. The Rust safety guarantees are violated, potentially allowing arbitrary memory reads/writes or crashes. The CVSS score is 5.9 (Medium) with network attack vector, high attack complexity, no privileges required, and no user interaction needed [2]. The scope is unchanged, but impact on integrity and availability can be significant.
Mitigation
As of the available references, no patched version of the cgc crate has been released. The issue was reported on December 10, 2020 [3], and the RustSec advisory (RUSTSEC-2020-0148) was published on March 26, 2021 [2]. The maintainer should fix Ptr::get to return an immutable reference or use interior mutability correctly. Until a fix is available, users are advised to avoid using the Ptr type's get method or switch to a different garbage collection crate.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cgccrates.io | <= 0.4.0 | — |
Affected products
2- cgc/cgcdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-f3mq-99jr-ww4rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-36467ghsaADVISORY
- github.com/playXE/cgc/issues/5ghsaWEB
- raw.githubusercontent.com/rustsec/advisory-db/main/crates/cgc/RUSTSEC-2020-0148.mdghsax_refsource_MISCWEB
- rustsec.org/advisories/RUSTSEC-2020-0148.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.