Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmZ2ctdmNjci1tNDZt

High EPSS: 0.00328% (0.54735 Percentile) EPSS:
Permalink JSON

Missing release of memory in sized-chunks

Affected Packages Affected Versions Fixed Versions
cargo:sized-chunks < 0.6.3 0.6.3
6 Dependent packages
3,173 Dependent repositories
25,310,736 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.6.0, 0.6.1, 0.6.2

All unaffected versions

0.6.3, 0.6.4, 0.6.5, 0.7.0

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic.

References:

Identifiers

GHSA-rfgg-vccr-m46m

CVE-2020-25794

Risk

Severity

High

EPSS

EPSS Percentage: 0.00328

EPSS Percentile: 0.54735

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/bodil/sized-chunks

Date and time

Published

almost 4 years ago

Updated

over 2 years ago

API

JSON