Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwOW0tOXh3dy1xamN4

High EPSS: 0.00328% (0.54735 Percentile) EPSS:
Permalink JSON

Array size is not checked in sized-chunks

Affected Packages Affected Versions Fixed Versions
cargo:sized-chunks < 0.6.3 0.6.3
6 Dependent packages
3,173 Dependent repositories
25,310,736 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.6.0, 0.6.1, 0.6.2

All unaffected versions

0.6.3, 0.6.4, 0.6.5, 0.7.0

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().

References:

Identifiers

GHSA-9p9m-9xww-qjcx

CVE-2020-25791

Risk

Severity

High

EPSS

EPSS Percentage: 0.00328

EPSS Percentile: 0.54735

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/bodil/sized-chunks

Date and time

Published

almost 4 years ago

Updated

over 2 years ago

API

JSON