CVE-2020-25792: Array size is not checked in sized-chunks
(updated )
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().
References
- github.com/advisories/GHSA-mp6f-p9gp-vpj9
- github.com/bodil/sized-chunks
- github.com/bodil/sized-chunks/commit/3ae48bd463c1af41c24b96b84079946f51f51e3c
- github.com/bodil/sized-chunks/commit/99e593c3037438db478256a1f3101371a69cbd3f
- github.com/bodil/sized-chunks/issues/11
- nvd.nist.gov/vuln/detail/CVE-2020-25792
- rustsec.org/advisories/RUSTSEC-2020-0041.html
Detect and mitigate CVE-2020-25792 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →