CVE-2020-25791

Published: Sep 19, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().

Affected (1)

Products: Sized Chunks Project: Sized Chunks

Sized Chunks Project

1 product

Sized Chunks

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sized Chunks Project Sized Chunks	Up to 0.6.2

Related CWEs

CWE-129

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (4)

https://github.com/bodil/sized-chunks/issues/11

Source: cve@mitre.org

ExploitPatchThird Party Advisory

https://rustsec.org/advisories/RUSTSEC-2020-0041.html

Source: cve@mitre.org

Third Party Advisory

https://github.com/bodil/sized-chunks/issues/11

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

https://rustsec.org/advisories/RUSTSEC-2020-0041.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.