CVE-2020-25793

Name of the Vulnerable Software and Affected Versions sized-chunks crate versions through 0.6.2

Description The issue concerns memory safety in the sized-chunks crate for Rust. Specifically, in the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>, unit(), or pair(). Additionally, the Clone and insert from functions are not panic-safe, which can cause memory safety issues if an iterator panics. In the InlineArray implementation, unaligned references may be generated for types with large alignment requirements.

Recommendations For sized-chunks crate versions through 0.6.2, consider updating to a version that addresses these memory safety issues. As a temporary workaround, avoid using the Clone and insert from functions with potentially panicking iterators, and refrain from constructing Chunks with unit(), pair(), or From<InlineArray<A, T>> to minimize the risk of exploitation. Restrict the use of InlineArray for types with large alignment requirements until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.