
CVE-2020-25795: Missing release of memory in sized-chunks

CVSS Score (v3.1): 7.5

Basic Information

EPSS Score: 0.55097%
Published: 8/25/2021
Updated: 6/13/2023
KEV Status: No
Technology: Rust

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name: sized-chunks
Ecosystem: rust
Vulnerable Versions: < 0.6.3
First Patched Version: 0.6.3

Vulnerability Intelligence

Root Cause Analysis

The vulnerability reports explicitly identify these functions through: 1) Direct mentions in CVE/GHSA descriptions 2) Test case demonstrations showing memory corruption 3) Code references in issue #11 showing unsafe patterns. Each function matches specific vulnerability patterns: missing size checks, improper panic safety, and alignment violations. The test cases provided in the GitHub issue directly demonstrate memory safety violations through these functions.


WAF Protection Rules

WAF Rule

Chunk:
* Array size is not checked when constructed with unit() and pair().
* Array size is not checked when constructed with From<InlineArray<A, T>>.
* Clone and insert_from are not panic-safe; A panicking iterator causes memory safety issues with
