Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wNmYtcDlncC12cGo5

High EPSS: 0.00392% (0.59474 Percentile) EPSS:
Permalink JSON

Array size is not checked in sized-chunks

Affected Packages Affected Versions Fixed Versions
cargo:sized-chunks < 0.6.3 0.6.3
6 Dependent packages
3,173 Dependent repositories
25,310,736 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.6.0, 0.6.1, 0.6.2

All unaffected versions

0.6.3, 0.6.4, 0.6.5, 0.7.0

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().

References:

Identifiers

GHSA-mp6f-p9gp-vpj9

CVE-2020-25792

Risk

Severity

High

EPSS

EPSS Percentage: 0.00392

EPSS Percentile: 0.59474

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/bodil/sized-chunks

Date and time

Published

almost 4 years ago

Updated

over 1 year ago

API

JSON