VYPR
← All advisories
High severityNVD Advisory· Published Aug 8, 2021· Updated Aug 4, 2024

CVE-2020-36465

CVE-2020-36465

Description

The generic-array crate before 0.13.3 has an unsound arr! macro that erases lifetimes, enabling potential memory corruption.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The generic-array crate before 0.13.3 has an unsound arr! macro that erases lifetimes, enabling potential memory corruption.

Vulnerability

The generic-array crate for Rust, before version 0.13.3, contains a vulnerability in the arr! macro that violates memory safety by erasing lifetimes. This unsoundness issue can lead to memory corruption. The affected versions are all releases prior to 0.13.3 [1][2][4].

Exploitation

An attacker can trigger the vulnerability by using the arr! macro in a way that extends lifetimes beyond their valid scope. Since Rust's safety guarantees are reliant on compile-time lifetime checks, erasing them creates conditions for undefined behavior. No special privileges or network access are required beyond crafting Rust code that uses the affected macro [2][4].

Impact

Successful exploitation of the lifetime erasure can result in memory corruption, potentially leading to a denial-of-service condition (e.g., crashes) or arbitrary read/write primitives. The CVSS score is 7.5 (HIGH) with an availability impact [3][4]. The scope is unchanged, and no direct confidentiality or integrity impact is listed, but memory corruption can be leveraged further.

Mitigation

The vulnerability is fixed in generic-array version 0.13.3 and later. Users should update to 0.13.3 or any subsequent release. As of the publication date, there are no known workarounds other than upgrading. The RustSec advisory provides details on patched version ranges [1][4].

References
  1. GitHub - fizyk20/generic-array: Generic array types in Rust
  2. `arr!` unsoundness
  3. NVD - CVE-2020-36465
  4. arr! macro erases lifetimes › RustSec Advisory Database

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
generic-arraycrates.io
>= 0.13.0, < 0.13.30.13.3
generic-arraycrates.io
>= 0.12.0, < 0.12.40.12.4
generic-arraycrates.io
>= 0.11.0, < 0.11.20.11.2
generic-arraycrates.io
>= 0.10.0, < 0.10.10.10.1
generic-arraycrates.io
>= 0.8.0, < 0.9.10.9.1

Affected products

2

Patches

6
2c65eedb8a0c

Bump version

https://github.com/fizyk20/generic-arrayBartłomiej KamińskiMar 2, 2021via osv
commit
1 file changed · +1 1
  • Cargo.toml+1 1 modified
    @@ -1,7 +1,7 @@
 [package]
 
 name = "generic-array"
-version = "0.8.3"
+version = "0.8.4"
 authors = [ "Bartłomiej Kamiński <fizyk20@gmail.com>" ]
 description = "Generic types implementing functionality of arrays"
 license = "MIT"
3e8764e29cf8

Bump version

https://github.com/fizyk20/generic-arrayBartłomiej KamińskiMar 2, 2021via osv
commit
1 file changed · +1 1
  • Cargo.toml+1 1 modified
    @@ -1,7 +1,7 @@
 [package]
 
 name = "generic-array"
-version = "0.9.0"
+version = "0.9.1"
 authors = [ "Bartłomiej Kamiński <fizyk20@gmail.com>" ]
 description = "Generic types implementing functionality of arrays"
 license = "MIT"
e51220bd0158

Bump version

https://github.com/fizyk20/generic-arrayBartłomiej KamińskiMar 2, 2021via osv
commit
1 file changed · +1 1
  • Cargo.toml+1 1 modified
    @@ -1,7 +1,7 @@
 [package]
 
 name = "generic-array"
-version = "0.10.0"
+version = "0.10.1"
 authors = [ "Bartłomiej Kamiński <fizyk20@gmail.com>" ]
 
 description = "Generic types implementing functionality of arrays"
0dea8cbb8af9

Bump version

https://github.com/fizyk20/generic-arrayBartłomiej KamińskiMar 2, 2021via osv
commit
2 files changed · +4 1
  • Cargo.toml+1 1 modified
    @@ -1,7 +1,7 @@
 [package]
 
 name = "generic-array"
-version = "0.11.1"
+version = "0.11.2"
 authors = [ "Bartłomiej Kamiński <fizyk20@gmail.com>", "Aaron Trent <novacrazy@gmail.com>" ]
 
 description = "Generic types implementing functionality of arrays"
  • CHANGELOG.md+3 0 modified
    @@ -1,3 +1,6 @@
+* **0.11.2**
+    * Backport the unsoundness fix for the `arr!` macro.
+
 * **0.11.0**
     * Redesign `GenericSequence` with an emphasis on use in generic type parameters.
     * Add `MappedGenericSequence` and `FunctionalSequence`
525f5e7dc3e3

Bump version

https://github.com/fizyk20/generic-arrayBartłomiej KamińskiMar 2, 2021via osv
commit
2 files changed · +5 2
  • Cargo.toml+2 2 modified
    @@ -1,7 +1,7 @@
 [package]
 
 name = "generic-array"
-version = "0.13.2"
+version = "0.13.3"
 authors = [ "Bartłomiej Kamiński <fizyk20@gmail.com>", "Aaron Trent <novacrazy@gmail.com>" ]
 
 description = "Generic types implementing functionality of arrays"
@@ -31,4 +31,4 @@ serde = { version = "1.0", optional = true, default-features = false }
 [dev_dependencies]
 # this can't yet be made optional, see https://github.com/rust-lang/cargo/issues/1596
 serde_json = "1.0"
-bincode = "1.0"
\ No newline at end of file
+bincode = "1.0"
  • CHANGELOG.md+3 0 modified
    @@ -1,3 +1,6 @@
+* **`0.13.3`**
+    * Backport the unsoundness fix for the `arr!` macro.
+
 * **`0.13.2`**
     * Add feature `more_lengths`, which adds more `From`/`Into` implementations for arrays of various lengths.
42843cdb6c24

Bump version

https://github.com/fizyk20/generic-arrayBartłomiej KamińskiMar 2, 2021via osv
commit
2 files changed · +5 2
  • Cargo.toml+2 2 modified
    @@ -1,7 +1,7 @@
 [package]
 
 name = "generic-array"
-version = "0.12.3"
+version = "0.12.4"
 authors = [ "Bartłomiej Kamiński <fizyk20@gmail.com>", "Aaron Trent <novacrazy@gmail.com>" ]
 
 description = "Generic types implementing functionality of arrays"
@@ -28,4 +28,4 @@ serde = { version = "1.0", optional = true, default-features = false }
 [dev_dependencies]
 # this can't yet be made optional, see https://github.com/rust-lang/cargo/issues/1596
 serde_json = "1.0"
-bincode = "1.0"
\ No newline at end of file
+bincode = "1.0"
  • CHANGELOG.md+3 0 modified
    @@ -1,3 +1,6 @@
+* **`0.12.4`**
+    * Fix unsoundness in the `arr!` macro.
+
 * **`0.12.0`**
     * Allow trailing commas in `arr!` macro.
     * **BREAKING**: Serialize `GenericArray` using `serde` tuples, instead of variable-length sequences. This may not be compatible with old serialized data.

Vulnerability mechanics

Root cause

"The `arr!` macro incorrectly extends lifetimes, leading to a violation of Rust's soundness guarantees."

Attack vector

An attacker can trigger this vulnerability by utilizing the `arr!` macro in a way that exploits the incorrect lifetime extension. This allows for the creation of references that outlive the data they point to, violating Rust's safety guarantees. The advisory does not provide specific payload shapes or network paths for exploitation. This issue is categorized as a soundness violation [patch_id=197032, patch_id=197033, patch_id=197034].

Affected code

The `arr!` macro within the `generic-array` crate is responsible for the identified soundness issue. This macro is used to construct generic arrays, and its implementation incorrectly extended lifetimes. The vulnerability affects versions prior to 0.13.3 [patch_id=197034].

What the fix does

The patches update the `generic-array` crate to versions 0.11.2, 0.12.4, and 0.13.3 to address the unsoundness [patch_id=197032, patch_id=197033, patch_id=197034]. These updates include a fix for the `arr!` macro to ensure that lifetimes are handled correctly. By correcting the macro implementation, the crate prevents the creation of invalid references, thereby restoring memory safety. The provided diffs show version bumps and changelog updates confirming these fixes [patch_id=197032, patch_id=197033, patch_id=197034].

Generated on May 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5

News mentions

0

No linked articles in our index yet.