CVE-2020-25793: Array size is not checked in sized-chunks

CVSS Score: 7.5 (CVSS version 3.1)

Basic Information

EPSS Score: 0.55097%
Published: 8/25/2021
Updated: 1/11/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| sized-chunks | rust | < 0.6.3 | 0.6.3 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from missing capacity checks in three key areas:

  1. The From<InlineArray> implementation (the CVE's primary focus) allows converting an InlineArray of any size to a Chunk without validation.
  2. The unit() constructor creates single-element chunks without verifying capacity constraints.
  3. The pair() constructor creates two-element chunks without capacity checks.

These are directly demonstrated in the test cases from GHSA-64gv-qg2v-vxv6, where chunks with U0 capacity were overfilled. The RustSec advisory and the CVE description explicitly call out these specific construction methods as vulnerable due to missing size validation (CWE-129).
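The capacity check that the three construction paths above lacked, shown as an added example (not code from sized-chunks or from the advisory). `FixedChunk`, `CapacityError` and `from_items` are hypothetical names, and returning a `Result` is this example's design choice, not a description of the crate's fix.

```rust
use std::mem::MaybeUninit;

/// Hypothetical fixed-capacity buffer; not the sized-chunks `Chunk` type.
pub struct FixedChunk<T: Copy, const N: usize> {
    data: [MaybeUninit<T>; N],
    len: usize,
}

#[derive(Debug, PartialEq)]
pub struct CapacityError {
    pub needed: usize,
    pub capacity: usize,
}

impl<T: Copy, const N: usize> FixedChunk<T, N> {
    /// Single choke point: every constructor goes through this check.
    pub fn from_items(items: &[T]) -> Result<Self, CapacityError> {
        // Validate the requested length against N before touching storage.
        if items.len() > N {
            return Err(CapacityError { needed: items.len(), capacity: N });
        }
        let mut data: [MaybeUninit<T>; N] = [MaybeUninit::uninit(); N];
        for (slot, item) in data.iter_mut().zip(items) {
            slot.write(*item);
        }
        Ok(Self { data, len: items.len() })
    }

    pub fn unit(value: T) -> Result<Self, CapacityError> {
        Self::from_items(&[value])
    }

    pub fn pair(left: T, right: T) -> Result<Self, CapacityError> {
        Self::from_items(&[left, right])
    }

    pub fn as_slice(&self) -> &[T] {
        // SAFETY: `from_items` initialised exactly the first `len` slots, and len <= N.
        unsafe { std::slice::from_raw_parts(self.data.as_ptr() as *const T, self.len) }
    }
}

fn main() {
    // Constructed inputs; capacity 0 mirrors the U0 chunks in the advisory's tests.
    println!("{:?}", FixedChunk::<u32, 0>::unit(1).err());
    println!("{:?}", FixedChunk::<u32, 1>::pair(1, 2).err());
    println!("{:?}", FixedChunk::<u32, 2>::pair(7, 9).map(|c| c.as_slice().to_vec()));
}
```

Routing `unit()` and `pair()` through one checked constructor means a zero-capacity type is rejected before any slot is written, instead of relying on each entry point to repeat the check.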
