CVE-2020-25795

Name of the Vulnerable Software and Affected Versions sized-chunks crate versions through 0.6.2

Description The issue concerns memory-safety problems in the sized-chunks crate for Rust. Specifically, in the Chunk implementation, there are issues with insert from and clone when a panic occurs, leading to memory safety issues. Additionally, the array size is not checked when constructed with unit(), pair(), or From<InlineArray<A, T>>. In the InlineArray implementation, unaligned references may be generated for types with large alignment requirements.

Recommendations For sized-chunks crate versions through 0.6.2, consider updating to a version that addresses these memory-safety issues. As a temporary workaround, consider adding checks for array size when constructing with unit(), pair(), or From<InlineArray<A, T>> to prevent memory safety issues. Also, be cautious when using clone and insert from as they are not panic-safe, and a panicking iterator can cause memory safety issues. Avoid using InlineArray for types with large alignment requirements to minimize the risk of generating unaligned references. At the moment, there is no information about a newer version that contains a fix for this vulnerability.