CVE-2020-35887

Name of the Vulnerable Software and Affected Versions arr crate versions through 2020-08-25

Description The issue concerns a buffer overflow in Index and IndexMut implementations. Additionally, there are problems with the implementation of Sync/Send bounds, allowing non-Sync/Send types to be smuggled across thread boundaries. The Array::new from template() function drops uninitialized memory.

Recommendations For versions through 2020-08-25, consider updating to a version released after 2020-08-25 to address the buffer overflow and other security issues. As a temporary workaround, consider restricting the use of Index and IndexMut implementations to prevent buffer overflows until a patch is available. Avoid using the Array::new from template() function until the issue with dropping uninitialized memory is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.