CVE-2020-25791
Description
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The sized-chunks crate for Rust has an unchecked array size in Chunk::unit(), leading to memory safety issues.
Vulnerability
The sized-chunks crate (versions up to and including 0.6.2) contains a soundness vulnerability in its Chunk implementation. When constructing a Chunk via the unit() or pair() methods, the array size is not properly checked against the allocated storage[1][3]. This can result in out-of-bounds memory access or other memory corruption.
Exploitation
Exploitation requires an attacker to control the size parameter passed to these methods, which may be possible if the crate is used in a context where user-supplied data influences chunk construction. No special authentication or network position is required beyond the ability to invoke the vulnerable APIs[2].
Impact
A successful exploit can lead to memory safety violations, including potential arbitrary code execution or data corruption. The RustSec advisory rates the severity as HIGH with a CVSS score of 7.5[3]. Multiple related soundness issues were reported in the same crate.
Mitigation
The sized-chunks repository has been archived by its owner[1], and no patched version is available. Users are advised to avoid using the crate or to rely on alternative libraries. The vulnerability is tracked in the RustSec database and has been assigned CVE-2020-25791.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| sized-chunks (crates.io) | < 0.6.3 | 0.6.3 |
Affected products
- sized-chunks crate/sized-chunks crate (description)
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-9p9m-9xww-qjcx (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-25791 (ghsa, ADVISORY)
- github.com/bodil/sized-chunks/issues/11 (ghsa, x_refsource_MISC, WEB)
- rustsec.org/advisories/RUSTSEC-2020-0041.html (ghsa, x_refsource_MISC, WEB)