USN-8118-1

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-8118-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8118-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-8118-1
Upstream
Related
Published
2026-03-23T16:35:52Z
Modified
2026-03-24T11:14:53.472699Z
Summary
rust-sized-chunks vulnerabilities
Details

Yechan Bae discovered that sized-chunks did not properly validate array size when constructing Chunk. An attacker could possibly use these issues to cause out-of-bounds access, leading to memory corruption or undefined behavior. (CVE-2020-25791, CVE-2020-25792, CVE-2020-25793)

Yechan Bae discovered that sized-chunks had a memory safety issue in the clone implementation when a panic occurs. An attacker could possibly use this issue to cause improper memory handling, leading to memory corruption or a denial of service. (CVE-2020-25794)

Yechan Bae discovered that sized-chunks could create unaligned references in the InlineArray implementation for types with strict alignment requirements. An attacker could possibly use this issue to cause undefined behavior, leading to memory corruption or a denial of service. (CVE-2020-25796)

References

Affected packages

Ubuntu:Pro:20.04:LTS / rust-sized-chunks

Package

Name
rust-sized-chunks
Purl
pkg:deb/ubuntu/rust-sized-chunks@0.3.1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.3.1-1ubuntu0.1~esm1

Affected versions

0.*
0.3.1-1

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "librust-sized-chunks-dev",
            "binary_version": "0.3.1-1ubuntu0.1~esm1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8118-1.json"
cves_map 
{
    "ecosystem": "Ubuntu:Pro:20.04:LTS",
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2020-25791"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2020-25792"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2020-25793"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2020-25794"
        },
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2020-25796"
        }
    ]
}