CVE-2020-25791
HIGH7.5EPSS 0.43%Multiple soundness issues in Chunk and InlineArray
Published: 8/25/2021Modified: 3/15/2024
Also known as:GHSA-64gv-qg2v-vxv6GHSA-9p9m-9xww-qjcxGHSA-fqpx-cq8x-9wp4GHSA-mp6f-p9gp-vpj9GHSA-rfgg-vccr-m46mGHSA-x54v-qxxr-93qcDEBIAN-CVE-2020-25791RUSTSEC-2020-0041
Description
Chunk: * Array size is not checked when constructed with `unit()` and `pair()`. * Array size is not checked when constructed with `From<InlineArray<A, T>>`. * `Clone` and `insert_from` are not panic-safe; A panicking iterator causes memory safety issues with them. InlineArray: * Generates unaligned references for types with a large alignment requirement.
Affected packages (8)
- crates.io/sized-chunksfrom 0, < 0.6.3
- crates.io/sized-chunksfrom 0, < 0.6.3
- crates.io/sized-chunksfrom 0, < 0.6.3
- crates.io/sized-chunksfrom 0, < 0.6.3
- crates.io/sized-chunksfrom 0, < 0.6.3
- crates.io/sized-chunksfrom 0, < 0.6.3
- crates.io/sized-chunks>= 0.0.0-0, < 0.6.3
- Debian/rust-sized-chunksfrom 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (13)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-25791
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-25792
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-25793
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-25794
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-25795
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-25796
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-25791
- PATCHhttps://crates.io/crates/sized-chunks
- PATCHhttps://github.com/bodil/sized-chunks
- WEBhttps://github.com/bodil/sized-chunks/commit/3ae48bd463c1af41c24b96b84079946f51f51e3c
- WEBhttps://github.com/bodil/sized-chunks/commit/99e593c3037438db478256a1f3101371a69cbd3f
- WEBhttps://github.com/bodil/sized-chunks/issues/11
- WEBhttps://rustsec.org/advisories/RUSTSEC-2020-0041.html