usn-8118-1
Vulnerability from osv_ubuntu
Published
2026-03-23 16:35
Modified
2026-03-23 16:35
Summary
rust-sized-chunks vulnerabilities
Details

Yechan Bae discovered that sized-chunks did not properly validate array size when constructing Chunk. An attacker could possibly use these issues to cause out-of-bounds access, leading to memory corruption or undefined behavior. (CVE-2020-25791, CVE-2020-25792, CVE-2020-25793)

Yechan Bae discovered that sized-chunks had a memory safety issue in the clone implementation when a panic occurs. An attacker could possibly use this issue to cause improper memory handling, leading to memory corruption or a denial of service. (CVE-2020-25794)

Yechan Bae discovered that sized-chunks could create unaligned references in the InlineArray implementation for types with strict alignment requirements. An attacker could possibly use this issue to cause undefined behavior, leading to memory corruption or a denial of service. (CVE-2020-25796)


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2020-25791",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-25792",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-25793",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-25794",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2020-25796",
              "severity": [
                {
                  "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "type": "CVSS_V3"
                },
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:Pro:20.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
        "binaries": [
          {
            "binary_name": "librust-sized-chunks-dev",
            "binary_version": "0.3.1-1ubuntu0.1~esm1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:20.04:LTS",
        "name": "rust-sized-chunks",
        "purl": "pkg:deb/ubuntu/rust-sized-chunks@0.3.1-1ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.1-1ubuntu0.1~esm1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.3.1-1"
      ]
    }
  ],
  "aliases": [],
  "details": "Yechan Bae discovered that sized-chunks did not properly validate array\nsize when constructing Chunk. An attacker could possibly use these\nissues to cause out-of-bounds access, leading to memory corruption or\nundefined behavior. (CVE-2020-25791, CVE-2020-25792, CVE-2020-25793)\n\nYechan Bae discovered that sized-chunks had a memory safety issue in the\nclone implementation when a panic occurs. An attacker could possibly use\nthis issue to cause improper memory handling, leading to memory\ncorruption or a denial of service. (CVE-2020-25794)\n\nYechan Bae discovered that sized-chunks could create unaligned\nreferences in the InlineArray implementation for types with strict\nalignment requirements. An attacker could possibly use this issue to\ncause undefined behavior, leading to memory corruption or a denial of\nservice. (CVE-2020-25796)",
  "id": "USN-8118-1",
  "modified": "2026-03-23T16:35:52Z",
  "published": "2026-03-23T16:35:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-8118-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-25791"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-25792"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-25793"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-25794"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2020-25796"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "rust-sized-chunks vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2020-25791",
    "UBUNTU-CVE-2020-25792",
    "UBUNTU-CVE-2020-25793",
    "UBUNTU-CVE-2020-25794",
    "UBUNTU-CVE-2020-25796"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…