Home / mailings [USN-8118-1] sized-chunks vulnerabilities
Posted on 23 March 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8118-1
March 23, 2026
rust-sized-chunks vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in sized-chunks.
Software Description:
- rust-sized-chunks: Efficient sized chunk datatypes for immutable.rs
Details:
Yechan Bae discovered that sized-chunks did not properly validate array
size when constructing Chunk. An attacker could possibly use these
issues to cause out-of-bounds access, leading to memory corruption or
undefined behavior. (CVE-2020-25791, CVE-2020-25792, CVE-2020-25793)
Yechan Bae discovered that sized-chunks had a memory safety issue in the
clone implementation when a panic occurs. An attacker could possibly use
this issue to cause improper memory handling, leading to memory
corruption or a denial of service. (CVE-2020-25794)
Yechan Bae discovered that sized-chunks could create unaligned
references in the InlineArray implementation for types with strict
alignment requirements. An attacker could possibly use this issue to
cause undefined behavior, leading to memory corruption or a denial of
service. (CVE-2020-25796)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
librust-sized-chunks-dev 0.3.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8118-1
CVE-2020-25791, CVE-2020-25792, CVE-2020-25793, CVE-2020-25794,
CVE-2020-25796
--===============2807010967150357084==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
