Qwazo

Name of the Vulnerable Software and Affected Versions: Rust versions prior to 1.52.0 Description: The issue is related to a panic safety problem in the Zip implementation of the Rust standard library. It occurs when the underlying iterator panics under certain conditions, causing ` iterator get unchecked()` to be called more than once for the same index. This can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. Recommendations: For versions prior to 1.52.0, update to version 1.52.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the Zip implementation in the standard library until a patch is available.

**Name of the Vulnerable Software and Affected Versions** arc-swap crate versions prior to 0.4.8 arc-swap crate versions 1.x prior to 1.1.0 **Description** An issue has been discovered in the arc-swap crate for Rust. Use of `arc swap::access::Map` with the `Constant` test helper (or with a user-supplied implementation of the `Access` trait) could sometimes lead to dangling references being returned by the map. **Recommendations** For versions prior to 0.4.8, update to version 0.4.8 or later to resolve the issue. For versions 1.x prior to 1.1.0, update to version 1.1.0 or later to resolve the issue. As a temporary workaround, consider replacing the implementation with one that does not use `unsafe`, at the cost of added `Clone` bound on the closure and a small penalty on performance.

**Name of the Vulnerable Software and Affected Versions** sized-chunks crate versions through 0.6.2 **Description** An issue was discovered in the sized-chunks crate, where the array size is not checked when constructed with `unit()` and `pair()` in the Chunk implementation. Additionally, the array size is not checked when constructed with `From<InlineArray<A, T>>`. The `Clone` and `insert from` functions are not panic-safe, as a panicking iterator can cause memory safety issues. In the InlineArray implementation, unaligned references may be generated for types with a large alignment requirement. **Recommendations** For sized-chunks crate versions through 0.6.2, consider updating to a version that addresses these issues. As a temporary workaround, consider adding manual checks for array size when constructing with `unit()` and `pair()` to prevent potential memory safety issues. Additionally, restrict the use of `Clone` and `insert from` functions until a patch is available to prevent memory safety issues caused by panicking iterators. Avoid using the InlineArray implementation for types with large alignment requirements until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sized-chunks crate versions through 0.6.2 **Description** The issue concerns memory-safety problems in the sized-chunks crate for Rust. Specifically, in the Chunk implementation, there are issues with `insert from` and `clone` when a panic occurs, leading to memory safety issues. Additionally, the array size is not checked when constructed with `unit()`, `pair()`, or `From<InlineArray<A, T>>`. In the InlineArray implementation, unaligned references may be generated for types with large alignment requirements. **Recommendations** For sized-chunks crate versions through 0.6.2, consider updating to a version that addresses these memory-safety issues. As a temporary workaround, consider adding checks for array size when constructing with `unit()`, `pair()`, or `From<InlineArray<A, T>>` to prevent memory safety issues. Also, be cautious when using `clone` and `insert from` as they are not panic-safe, and a panicking iterator can cause memory safety issues. Avoid using InlineArray for types with large alignment requirements to minimize the risk of generating unaligned references. At the moment, there is no information about a newer version that contains a fix for this vulnerability.