{"id":"USN-8118-1","summary":"rust-sized-chunks vulnerabilities","details":"Yechan Bae discovered that sized-chunks did not properly validate array\nsize when constructing Chunk. An attacker could possibly use these\nissues to cause out-of-bounds access, leading to memory corruption or\nundefined behavior. (CVE-2020-25791, CVE-2020-25792, CVE-2020-25793)\n\nYechan Bae discovered that sized-chunks had a memory safety issue in the\nclone implementation when a panic occurs. An attacker could possibly use\nthis issue to cause improper memory handling, leading to memory\ncorruption or a denial of service. (CVE-2020-25794)\n\nYechan Bae discovered that sized-chunks could create unaligned\nreferences in the InlineArray implementation for types with strict\nalignment requirements. An attacker could possibly use this issue to\ncause undefined behavior, leading to memory corruption or a denial of\nservice. (CVE-2020-25796)","modified":"2026-03-24T11:14:53.472699Z","published":"2026-03-23T16:35:52Z","related":["UBUNTU-CVE-2020-25791","UBUNTU-CVE-2020-25792","UBUNTU-CVE-2020-25793","UBUNTU-CVE-2020-25794","UBUNTU-CVE-2020-25796"],"upstream":["CVE-2020-25791","CVE-2020-25792","CVE-2020-25793","CVE-2020-25794","CVE-2020-25796","UBUNTU-CVE-2020-25791","UBUNTU-CVE-2020-25792","UBUNTU-CVE-2020-25793","UBUNTU-CVE-2020-25794","UBUNTU-CVE-2020-25796"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8118-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25791"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25792"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25793"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25794"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-25796"}],"affected":[{"package":{"name":"rust-sized-chunks","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/rust-sized-chunks@0.3.1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.3.1-1ubuntu0.1~esm1"}]}],"versions":["0.3.1-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"librust-sized-chunks-dev","binary_version":"0.3.1-1ubuntu0.1~esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8118-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25791"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25792"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25793"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25794"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-25796"}],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}}],"schema_version":"1.7.5"}