CVE-2020-25796
Description
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the sized-chunks Rust crate before 0.6.3, InlineArray can generate an unaligned reference for types with large alignment requirements, violating Rust's safety guarantees.
Vulnerability
The sized-chunks crate (versions up to and including 0.6.2) contains a soundness issue in its InlineArray implementation. When the array holds types that have a large alignment requirement (e.g., #[repr(align(256))]), the code that provides references to elements may produce an *unaligned reference* [1][2]. In Rust, references must always be properly aligned for the type they point to; violating this is undefined behavior.
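An added illustration of the alignment rule described above (not code from sized-chunks or from the advisory). It assumes a hypothetical inline layout in which a `usize` length header is followed by the elements inside a host value's storage. `Wide`, `WideHost` and all function names are constructed for this example.

```rust
use std::mem::{align_of, size_of};

/// Constructed element type with a large alignment requirement.
#[repr(align(256))]
#[allow(dead_code)]
pub struct Wide(u8);

/// Constructed host type whose own alignment is also 256.
#[repr(align(256))]
#[allow(dead_code)]
pub struct WideHost([u8; 1024]);

/// Assumed layout: elements start directly after a `usize` length header.
pub fn naive_offset() -> usize {
    size_of::<usize>()
}

/// Same layout, with the header padded up to a multiple of align_of::<A>().
pub fn padded_offset<A>() -> usize {
    let align = align_of::<A>();
    (size_of::<usize>() + align - 1) / align * align
}

/// `&A` at `offset` inside a `Host` is aligned only if both the host's base
/// address and the offset are guaranteed multiples of align_of::<A>().
pub fn is_aligned_for<A, Host>(offset: usize) -> bool {
    align_of::<Host>() % align_of::<A>() == 0 && offset % align_of::<A>() == 0
}

/// Elements of `A` that fit soundly in `Host`; 0 when the placement would be
/// misaligned (zero-sized types are also reported as 0 to keep this short).
pub fn capacity<A, Host>(offset: usize) -> usize {
    let fits = offset <= size_of::<Host>() && size_of::<A>() != 0;
    if !fits || !is_aligned_for::<A, Host>(offset) {
        return 0;
    }
    (size_of::<Host>() - offset) / size_of::<A>()
}

fn main() {
    // Naive placement puts a 256-aligned element right after the header: rejected.
    println!("naive:  {}", capacity::<Wide, WideHost>(naive_offset()));
    // Padding the header to 256 bytes makes the offset valid.
    println!("padded: {}", capacity::<Wide, WideHost>(padded_offset::<Wide>()));
    // A host aligned to at most 8 bytes can never soundly hold `Wide` inline.
    println!("small host: {}", capacity::<Wide, [u64; 64]>(padded_offset::<Wide>()));
}
```

Reporting a capacity of zero when the alignment check fails means no reference to a misaligned element is ever handed out.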
Exploitation
This is a soundness bug in safe Rust code exposed by the crate's public API. An attacker who can influence the types stored in an InlineArray—for example, by passing a custom type with a large alignment to a library function that internally uses InlineArray—could trigger the creation of an unaligned reference. No authentication or special network access is required beyond the ability to supply the type to the affected code path. The issue was discovered during a security audit of crates.io [1].
Impact
If exploited, the unaligned reference leads to undefined behavior. This could manifest as memory corruption, crashes, or potentially — in the worst case — arbitrary code execution, depending on how the reference is subsequently used. The Rust compiler's safety guarantees are undermined, meaning that the entire program may violate memory safety even though it contains no unsafe code of its own.
Mitigation
The sized-chunks repository has been archived and is marked read-only [1][4]. The RustSec advisory RUSTSEC-2020-0041 [3] assigns a CVSS score of 7.5 (HIGH) and recommends avoiding use of this crate altogether. Users should migrate to alternatives that provide equivalent functionality without these soundness issues. No patched version of sized-chunks exists, as the crate is effectively end-of-life.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| sized-chunks (crates.io) | < 0.6.3 | 0.6.3 |
Affected products
- sized-chunks crate/sized-chunks crate (description)
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-fqpx-cq8x-9wp4 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-25796 (ghsa, ADVISORY)
- github.com/bodil/sized-chunks/issues/11 (ghsa, x_refsource_MISC, WEB)
- rustsec.org/advisories/RUSTSEC-2020-0041.html (ghsa, x_refsource_MISC, WEB)