High severity · NVD Advisory · Published Sep 19, 2020 · Updated Aug 4, 2024

CVE-2020-25793

Description

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the sized-chunks Rust crate (≤0.6.2), constructing a Chunk from an InlineArray does not validate array size, potentially leading to memory unsafety under specific conditions.

Vulnerability Overview

CVE-2020-25793 is a soundness issue in the sized-chunks crate for Rust, affecting versions up to and including 0.6.2. The vulnerability lies in the Chunk implementation, where the array size is not checked when a Chunk is constructed via From<InlineArray<A, T>>. This violates the type-system safety guarantees that Rust normally enforces, potentially allowing memory corruption [1][2].

Attack Vector and Prerequisites

Exploitation requires a program that uses the sized-chunks crate and constructs a Chunk from an InlineArray outside of the expected size constraints. No special privileges are needed; the vulnerability can be triggered during normal crate usage when the From trait is invoked. Additionally, the advisory notes that Clone and insert_from are not panic-safe—a panicking iterator during these operations can lead to further memory safety violations [1][3].

Impact

An attacker who can influence the size or contents of the InlineArray might cause undefined behavior (e.g., out-of-bounds reads or writes), potentially leading to program crashes, data corruption, or—in a worst-case scenario—arbitrary code execution. The CVSS base score is 7.5 (HIGH), indicating a significant risk [3].

Mitigation

The sized-chunks repository was archived and is now read-only [1]. Users should upgrade to a patched version if available, or migrate to alternative crates that provide similar functionality with soundness guarantees. As of the advisory publication, no direct patch exists; the risk is more pronounced because the crate is no longer maintained [1][4].

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
sized-chunks (crates.io) | < 0.6.3 | 0.6.3
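
One way to check a project against the affected range listed above, as an added example (not code from the advisory or from the sized-chunks project): a std-only Rust scan of Cargo.lock text for sized-chunks entries below 0.6.3. The function names and the sample lockfile are constructed for illustration.

```rust
// Added illustration: flags sized-chunks entries locked below 0.6.3 (range from this page).
const CRATE: &str = "sized-chunks";
const FIRST_PATCHED: (u64, u64, u64) = (0, 6, 3);

/// Extracts the quoted value from a `key = "value"` line of a Cargo.lock file.
fn quoted_value<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.trim().strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

/// Parses `major.minor.patch`, ignoring any pre-release or build suffix.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((parts.next()??, parts.next()??, parts.next()??))
}

/// Returns every locked sized-chunks version below the first patched release.
pub fn affected_versions(lockfile: &str) -> Vec<String> {
    let mut hits = Vec::new();
    let mut in_target = false;
    for line in lockfile.lines() {
        if line.trim() == "[[package]]" {
            in_target = false; // a new package entry starts
        } else if let Some(name) = quoted_value(line, "name") {
            in_target = name == CRATE;
        } else if let (true, Some(v)) = (in_target, quoted_value(line, "version")) {
            if parse_version(v).map_or(true, |p| p < FIRST_PATCHED) {
                hits.push(v.to_string()); // unparsable versions are flagged for review
            }
        }
    }
    hits
}

// Constructed sample lockfile; package versions are chosen for illustration only.
pub const SAMPLE_LOCK: &str = r#"
[[package]]
name = "im"
version = "15.0.0"
[[package]]
name = "sized-chunks"
version = "0.5.3"
[[package]]
name = "sized-chunks"
version = "0.6.3"
"#;

fn main() { println!("{:?}", affected_versions(SAMPLE_LOCK)); }
```

A lockfile can pin the crate more than once when semver-incompatible releases coexist, so the scan reports every matching entry rather than stopping at the first.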