VYPR
High severity · NVD Advisory · Published Sep 19, 2020 · Updated Aug 4, 2024

CVE-2020-25795

Description

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The sized-chunks crate for Rust suffers a memory-safety bug in the Chunk::insert_from function when a panicking iterator is used.

Vulnerability

CVE-2020-25795 is a memory-safety issue in the sized-chunks crate (version 0.6.2 and earlier) for Rust. Specifically, the Chunk implementation's insert_from method is not panic-safe; if the iterator provided to it panics during iteration, the function can leave the internal array in an inconsistent state, leading to double-free or other memory corruption [1][2].

Exploitation

An attacker who can control or influence the iterator passed to Chunk::insert_from can trigger this vulnerability by supplying an iterator that panics at a controlled point, for example inside next or a clone, or through a custom type such as DropDetector that panics on clone [1]. No special network position is required beyond the ability to supply a panicking iterator, which can arise in library usage where user-supplied data is processed.

Impact

Successful exploitation results in memory unsoundness, potentially leading to undefined behavior such as use-after-free, double-free, or arbitrary code execution, depending on the Rust compiler's optimizations and how the crate is used in an application [3]. The flaw is in a foundational crate used by the im data structures, so its impact can be widespread.

Mitigation

The sized-chunks crate repository has been archived and no patched version was released for this specific issue; the advisory recommends avoiding the crate in security-sensitive contexts [3]. The advisory notes that the im-rs project (which used sized-chunks) was also archived and users should migrate to other immutable collection libraries [1][4].
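For code that maintains its own fixed-capacity buffer, the following added example (not code from sized-chunks or from this advisory) shows one panic-safe shape for an insert_from-style method: all caller-supplied iterator code runs before the buffer's invariant is touched. The type Buf, the function demo and the staging-into-a-Vec approach are assumptions made for illustration, not the crate's actual fix.

```rust
use std::mem::MaybeUninit;
use std::panic::{catch_unwind, AssertUnwindSafe};
use std::{ptr, rc::Rc};

// Hypothetical fixed-capacity buffer (not the crate's Chunk); slots [0, len) are initialized.
pub struct Buf<T, const N: usize> { data: [MaybeUninit<T>; N], len: usize }

impl<T, const N: usize> Buf<T, N> {
    pub fn new() -> Self {
        Buf { data: std::array::from_fn(|_| MaybeUninit::uninit()), len: 0 }
    }
    pub fn insert_from(&mut self, index: usize, iter: impl IntoIterator<Item = T>) {
        assert!(index <= self.len, "index out of bounds");
        // Run all caller-supplied code (next/clone may panic) first, while
        // `self` still upholds its invariant; a panic here only drops `staged`.
        let mut staged: Vec<T> = iter.into_iter().collect();
        let n = staged.len();
        assert!(self.len + n <= N, "capacity exceeded");
        unsafe {
            let base = self.data.as_mut_ptr() as *mut T;
            // Open the gap and fill it; nothing in this block can panic.
            ptr::copy(base.add(index), base.add(index + n), self.len - index);
            ptr::copy_nonoverlapping(staged.as_ptr(), base.add(index), n);
            staged.set_len(0); // items now owned by the buffer, not the Vec
        }
        self.len += n;
    }
}

impl<T, const N: usize> Drop for Buf<T, N> {
    fn drop(&mut self) {
        let live = ptr::slice_from_raw_parts_mut(self.data.as_mut_ptr() as *mut T, self.len);
        unsafe { ptr::drop_in_place(live) } // drops exactly the initialized slots
    }
}

// Constructed scenario: the iterator panics on its third item, mid-insert.
pub fn demo() -> (bool, usize, usize) {
    let token = Rc::new(());
    let mut buf: Buf<Rc<()>, 8> = Buf::new();
    buf.insert_from(0, (0..3).map(|_| token.clone()));
    let result = catch_unwind(AssertUnwindSafe(|| {
        buf.insert_from(1, (0..4).map(|i| if i == 2 { panic!("constructed") } else { token.clone() }));
    }));
    let len_after = buf.len;
    drop(buf);
    (result.is_err(), len_after, Rc::strong_count(&token)) // count 1 => no leak, no double drop
}

fn main() { println!("{:?}", demo()); }
```

The staging Vec costs one allocation per call; a drop guard that closes the gap on unwind avoids it at the price of more unsafe code to audit.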

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: sized-chunks (crates.io)
Affected versions: < 0.6.3
Patched versions: 0.6.3


References

4
