History ⋅ Edit RUSTSEC-2020-0041 Multiple soundness issues in Chunk and InlineArray Reported September 6, 2020 Issued October 2, 2020 (last modified: October 19, 2021) Package sized-chunks (crates.io) Type Vulnerability Aliases CVE-2020-25791 CVE-2020-25792 CVE-2020-25793 CVE-2020-25794 CVE-2020-25795 CVE-2020-25796 Details https://github.com/bodil/sized-chunks/issues/11 CVSS Score 7.5 HIGH CVSS Details Attack vectorNetwork Attack complexityLow Privileges requiredNone User interactionNone ScopeUnchanged ConfidentialityNone IntegrityNone AvailabilityHigh CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Patched >=0.6.3 Description Chunk: Array size is not checked when constructed with unit() and pair(). Array size is not checked when constructed with From<InlineArray<A, T>>. Clone and insert_from are not panic-safe; A panicking iterator causes memory safety issues with them. InlineArray: Generates unaligned references for types with a large alignment requirement.