PT-2020-16214 · Rust+3 · Sized-Chunks Crate+3

Published 2020-09-06 · Updated 2026-03-23 · CVE-2020-25794

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

sized-chunks crate versions through 0.6.2

Description

An issue was discovered in the sized-chunks crate, where the Chunk implementation has memory-safety issues. Specifically, the array size is not checked when a Chunk is constructed with unit(), pair(), or From<InlineArray<A, T>>. Additionally, Clone and insert_from are not panic-safe: a panicking iterator can cause memory-safety issues. The InlineArray implementation generates unaligned references for types with a large alignment requirement.

Recommendations

For sized-chunks crate versions through 0.6.2, consider disabling the Clone and insert_from functions until a patch is available to prevent memory-safety issues. Restrict the use of unit(), pair(), and From<InlineArray<A, T>> when constructing a Chunk to minimize the risk of exploitation. Avoid using the InlineArray implementation for types with large alignment requirements until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
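The two Chunk defects in the description (constructors that skip the capacity check, and a Clone that is not panic-safe) are avoided by the same discipline: check capacity before writing, and count a slot as initialized only after it has been written. The sketch below is an added example, not code from the sized-chunks crate or from this advisory; MiniChunk and its methods are hypothetical names.

```rust
use std::mem::MaybeUninit;
/// Hypothetical fixed-capacity buffer (illustration only, not sized-chunks' `Chunk`).
pub struct MiniChunk<T, const N: usize> {
    len: usize, // invariant: slots [0, len) are initialized
    data: [MaybeUninit<T>; N],
}
impl<T, const N: usize> MiniChunk<T, N> {
    pub fn new() -> Self {
        // Sound: an array of MaybeUninit has no initialization requirement.
        let data = unsafe { MaybeUninit::<[MaybeUninit<T>; N]>::uninit().assume_init() };
        MiniChunk { len: 0, data }
    }
    /// Capacity is checked before any write, so a too-small N panics cleanly.
    pub fn push(&mut self, value: T) {
        assert!(self.len < N, "MiniChunk capacity exceeded");
        self.data[self.len].write(value);
        self.len += 1;
    }
    /// Two-element constructor; goes through the checked `push`.
    pub fn pair(a: T, b: T) -> Self {
        let mut c = Self::new();
        c.push(a);
        c.push(b);
        c
    }
    pub fn len(&self) -> usize { self.len }
}

impl<T: Clone, const N: usize> Clone for MiniChunk<T, N> {
    fn clone(&self) -> Self {
        let mut out = Self::new();
        for slot in &self.data[..self.len] {
            // `out.len` grows only after a slot is written: if `T::clone` panics,
            // unwinding drops `out` with just its initialized elements.
            out.push(unsafe { slot.assume_init_ref() }.clone());
        }
        out
    }
}

impl<T, const N: usize> Drop for MiniChunk<T, N> {
    fn drop(&mut self) {
        for slot in &mut self.data[..self.len] { unsafe { slot.assume_init_drop() } }
    }
}

fn main() {
    println!("{}", MiniChunk::<u8, 4>::pair(1, 2).clone().len());
}
```

The ordering to avoid is setting `len` to its final value before the loop: a panic partway through would then leave `Drop` reading slots that were never written.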

Exploit

Improper Validation of Array Index

Memory Leak

Weakness Enumeration

Related Identifiers

CVE-2020-25794
GHSA-64GV-QG2V-VXV6
GHSA-9P9M-9XWW-QJCX
GHSA-FQPX-CQ8X-9WP4
GHSA-MP6F-P9GP-VPJ9
GHSA-RFGG-VCCR-M46M
GHSA-X54V-QXXR-93QC
RUSTSEC-2020-0041
USN-8118-1

Affected Products

Debian
Linuxmint
Ubuntu
Sized-Chunks Crate