← back
CVE-2020-25792

CVE-2020-25792

CVSS 7.5 HIGHEPSS 2.8%CWE-129
In short

The sized-chunks library for Rust doesn't validate array sizes when using the pair() function, allowing an attacker to cause unexpected behavior or crashes by creating improperly sized data structures.

Technical detail

CWE-129 (Improper Validation of Array Index) in the Chunk implementation of sized-chunks allows an unchecked array size during pair() construction. An attacker can supply malformed input to trigger out-of-bounds access or memory unsafety, potentially leading to denial of service or information disclosure.

Summary generated and translated by AI from the official description.
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/bodil/sized-chunks/commit/3ae48bd463c1af41c24b96b84079946f51f51e3chttps://github.com/bodil/sized-chunks/issues/11https://rustsec.org/advisories/RUSTSEC-2020-0041.html