PT-2020-16216 · Rust · Sized-Chunks Crate

Published: 2020-09-06 · Updated: 2026-03-23 · CVE-2020-25796

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

sized-chunks crate versions through 0.6.2

Description

An issue in the sized-chunks crate for Rust can lead to memory-safety problems. Specifically, in the Chunk implementation, the array size is not checked when constructed with unit(), pair(), or From<InlineArray<A, T>>. Additionally, Clone and insert_from are not panic-safe, as a panicking iterator can cause memory safety issues. In the InlineArray implementation, unaligned references may be generated for types with large alignment requirements.

Recommendations

For sized-chunks crate versions through 0.6.2, consider updating to a version that addresses these issues. As a temporary workaround, restrict the use of unit(), pair(), and From<InlineArray<A, T>> in the Chunk implementation, and avoid using Clone and insert_from with potentially panicking iterators. Also, be cautious when using InlineArray with types that have large alignment requirements to minimize the risk of generating unaligned references.
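To find out whether a project locks a version in the affected range, the following added example (not code from this advisory or from the sized-chunks project) scans the text of a Cargo.lock for sized-chunks entries at or below 0.6.2. It assumes the usual lockfile layout in which each [[package]] entry lists name before version; the sample lockfile and the example-app package are constructed for illustration.

```rust
// Affected range from the advisory above: sized-chunks versions through 0.6.2.
const CRATE: &str = "sized-chunks";
const LAST_AFFECTED: [u64; 3] = [0, 6, 2];

/// Parse "MAJOR.MINOR.PATCH", ignoring any pre-release or build suffix.
fn parse_version(v: &str) -> Option<[u64; 3]> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    let out = [parts.next()??, parts.next()??, parts.next()??];
    if parts.next().is_some() { None } else { Some(out) }
}

/// Value of a `key = "value"` line, if the line carries that key.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

/// Locked versions of the crate that are <= 0.6.2. Unparseable versions are
/// reported as well so they get a manual look instead of a silent pass.
pub fn affected_versions(lockfile: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let mut in_crate = false; // inside a [[package]] entry for sized-chunks
    for line in lockfile.lines() {
        if line.trim() == "[[package]]" {
            in_crate = false;
        } else if let Some(name) = field(line, "name") {
            in_crate = name == CRATE;
        } else if let Some(ver) = field(line, "version") {
            if in_crate && parse_version(ver).map_or(true, |v| v <= LAST_AFFECTED) {
                hits.push(ver.to_string());
            }
        }
    }
    hits
}

// Constructed sample lockfile, not taken from a real project.
const SAMPLE: &str = r#"
[[package]]
name = "example-app"
version = "0.1.0"
dependencies = ["sized-chunks 0.6.2"]
[[package]]
name = "sized-chunks"
version = "0.6.2"
"#;
fn main() {
    println!("affected: {:?}", affected_versions(SAMPLE));
}
```

The check only reports whether a locked version falls inside the range this advisory names; it does not determine which later release contains the fixes.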

Exploit

Fix

Weakness Enumeration

Improper Validation of Array Index
Memory Leak

Related Identifiers

CVE-2020-25796
GHSA-64GV-QG2V-VXV6
GHSA-9P9M-9XWW-QJCX
GHSA-FQPX-CQ8X-9WP4
GHSA-MP6F-P9GP-VPJ9
GHSA-RFGG-VCCR-M46M
GHSA-X54V-QXXR-93QC
RUSTSEC-2020-0041
USN-8118-1

Affected Products

Debian
Linuxmint
Ubuntu
Sized-Chunks Crate