Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1NHYtcXh4ci05M3Fj

High EPSS: 0.00328% (0.54735 Percentile) EPSS:
Permalink JSON

Missing release of memory in sized-chunks

Affected Packages Affected Versions Fixed Versions
cargo:sized-chunks < 0.6.3 0.6.3
6 Dependent packages
3,173 Dependent repositories
25,310,736 Downloads total

Affected Version Ranges

All affected versions

0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.2.0, 0.2.1, 0.2.2, 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.6.0, 0.6.1, 0.6.2

All unaffected versions

0.6.3, 0.6.4, 0.6.5, 0.7.0

Chunk:

  • Array size is not checked when constructed with unit() and pair().
  • Array size is not checked when constructed with From<InlineArray<A, T>>.
  • Clone and insert_from are not panic-safe; A panicking iterator causes memory safety issues with them.

InlineArray:

  • Generates unaligned references for types with a large alignment requirement.
References:

Identifiers

GHSA-x54v-qxxr-93qc

CVE-2020-25795

Risk

Severity

High

EPSS

EPSS Percentage: 0.00328

EPSS Percentile: 0.54735

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/bodil/sized-chunks

Date and time

Published

almost 4 years ago

Updated

about 2 years ago

API

JSON