CVE-2020-25791

Name of the Vulnerable Software and Affected Versions sized-chunks crate versions through 0.6.2

Description An issue was discovered in the sized-chunks crate, where the array size is not checked when constructed with unit(), pair(), or From<InlineArray<A, T>> in the Chunk implementation. Additionally, the Clone and insert from functions are not panic-safe, which can cause memory safety issues if an iterator panics. In the InlineArray implementation, unaligned references may be generated for types with a large alignment requirement.

Recommendations For sized-chunks crate versions through 0.6.2, consider updating to a newer version that addresses these issues. As a temporary workaround, consider adding manual checks for array size when constructing with unit(), pair(), or From<InlineArray<A, T>> to prevent potential memory safety issues. Additionally, restrict the use of Clone and insert from functions in situations where iterators may panic, until a patch is available.