PT-2020-16212 · Rust+3 · Sized-Chunks Crate+3
Qwazo · Published 2020-09-06 · Updated 2026-03-23 · CVE-2020-25792
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
sized-chunks crate versions through 0.6.2
Description
An issue was discovered in the sized-chunks crate. In the Chunk implementation, the array size is not checked when a chunk is constructed with unit() and pair(), nor when it is constructed with From<InlineArray<A, T>>. Clone and insert_from are not panic-safe: a panicking iterator can cause memory safety issues. In the InlineArray implementation, unaligned references may be generated for types with a large alignment requirement.
Recommendations
For sized-chunks crate versions through 0.6.2, consider updating to a version that addresses these issues. As a temporary workaround, consider adding manual checks for array size when constructing with unit() and pair() to prevent potential memory safety issues. Additionally, restrict the use of Clone and insert_from until a patch is available, to prevent memory safety issues caused by panicking iterators. Avoid using the InlineArray implementation for types with large alignment requirements until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Validation of Array Index
Memory Leak
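The manual size check from the recommendations and the panic-safety requirement from the description, shown as an added example that is not code from sized-chunks or from this advisory. `FixedBuf`, `try_push`, `try_pair` and `extend_from` are hypothetical names for a self-contained stand-in; the crate's own types are not used.

```rust
use std::mem::MaybeUninit;

/// Hypothetical fixed-capacity buffer for illustration (not sized-chunks' `Chunk`).
/// Invariant: exactly `data[..len]` is initialised.
pub struct FixedBuf<T, const N: usize> {
    data: [MaybeUninit<T>; N],
    len: usize,
}

impl<T, const N: usize> FixedBuf<T, N> {
    pub fn new() -> Self { Self { data: std::array::from_fn(|_| MaybeUninit::uninit()), len: 0 } }
    pub fn len(&self) -> usize { self.len }

    /// Capacity is checked before the slot is written; a full buffer hands the value back.
    pub fn try_push(&mut self, value: T) -> Result<(), T> {
        if self.len == N { return Err(value); }
        self.data[self.len].write(value);
        self.len += 1;
        Ok(())
    }

    /// Checked counterpart of a `pair()`-style constructor: `None` when N < 2.
    pub fn try_pair(a: T, b: T) -> Option<Self> {
        let mut buf = Self::new();
        buf.try_push(a).ok()?;
        buf.try_push(b).ok()?;
        Some(buf)
    }

    /// Panic-safe fill: `len` grows only after each completed write, so if
    /// `iter.next()` panics, `Drop` sees exactly the initialised slots.
    pub fn extend_from<I: Iterator<Item = T>>(&mut self, mut iter: I) {
        while self.len < N {
            let Some(item) = iter.next() else { break };
            self.data[self.len].write(item);
            self.len += 1;
        }
    }
}

impl<T, const N: usize> Drop for FixedBuf<T, N> {
    fn drop(&mut self) {
        for slot in &mut self.data[..self.len] {
            unsafe { slot.assume_init_drop() }; // SAFETY: slot is initialised per the invariant
        }
    }
}

fn main() { assert!(FixedBuf::<u8, 1>::try_pair(1, 2).is_none()); }
```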
Related Identifiers
Affected Products
Debian
Linuxmint
Ubuntu
Sized-Chunks Crate