An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. Software developers should be careful when making use of paypal-rs. (19-09-2020)

Preface: Companies large and small are using Rust in production all over the world, including Mozilla, Dropbox, npm, Postmates, Braintree and others.

Vulnerability details: An issue was discovered in the sized-chunks crate through 0.6.2 for Rust (CVE-2020-25791…CVE-2020-25796).
Chunk:
– Array size is not checked when constructed with unit() and pair()
– Array size is not checked when constructed with From<InlineArray<A, T>>.
– Clone and insert_from are not panic-safe (memory safety issues)
InlineArray:
– Generates unaligned references for types with a large alignment requirement.

Rust does not implement Default for all arrays because it does not have non-type polymorphism. There is perhaps no proof of concept to exploit this vulnerability at the moment. However, if the design does not contain a mechanism to check the array size when constructing structures (“structs”) by specifying a type, it looks as though this provides a way for an attacker to exploit this design limitation in the future. For the moment, it is necessary to wait for the developer to carry out the remediation.
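The missing array size check in `unit()` and `pair()` can be illustrated with an added example; this is not code from the sized-chunks crate. `FixedChunk` and `CapacityError` are hypothetical names, and the sketch assumes a container that fills fixed storage through raw pointer writes, where the constructor's capacity check is the only thing keeping the write in bounds.

```rust
use std::mem::MaybeUninit;
#[derive(Debug, PartialEq)]
pub struct CapacityError { pub needed: usize, pub capacity: usize }

// Hypothetical fixed-capacity buffer, constructed for this example.
pub struct FixedChunk<T, const N: usize> {
    len: usize,
    slots: [MaybeUninit<T>; N],
}

impl<T, const N: usize> FixedChunk<T, N> {
    // Every constructor passes this size check before any raw write.
    fn with_room(needed: usize) -> Result<Self, CapacityError> {
        if needed > N {
            return Err(CapacityError { needed, capacity: N });
        }
        Ok(Self { len: 0, slots: std::array::from_fn(|_| MaybeUninit::uninit()) })
    }
    pub fn unit(value: T) -> Result<Self, CapacityError> {
        let mut chunk = Self::with_room(1)?;
        // SAFETY: with_room(1) proved N >= 1, so slot 0 is in bounds.
        unsafe { chunk.slots.as_mut_ptr().cast::<T>().write(value) };
        chunk.len = 1;
        Ok(chunk)
    }
    pub fn pair(left: T, right: T) -> Result<Self, CapacityError> {
        let mut chunk = Self::with_room(2)?;
        let base = chunk.slots.as_mut_ptr().cast::<T>();
        // SAFETY: with_room(2) proved N >= 2, so slots 0 and 1 are in bounds.
        unsafe { base.write(left); base.add(1).write(right); }
        chunk.len = 2;
        Ok(chunk)
    }
    pub fn as_slice(&self) -> &[T] {
        // SAFETY: the first `len` slots were initialized by a constructor.
        unsafe { std::slice::from_raw_parts(self.slots.as_ptr().cast::<T>(), self.len) }
    }
}

impl<T, const N: usize> Drop for FixedChunk<T, N> {
    fn drop(&mut self) {
        let live = std::ptr::slice_from_raw_parts_mut(self.slots.as_mut_ptr().cast::<T>(), self.len);
        // SAFETY: only the `len` initialized elements are dropped.
        unsafe { std::ptr::drop_in_place(live) }
    }
}

fn main() {
    println!("{:?}", FixedChunk::<u8, 1>::pair(1, 2).err());
}
```

Without the `with_room` check, `pair()` on a capacity of 1 would write the second element past the end of the array.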

2 thoughts on “An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. Software developers should be careful when making use of paypal-rs. (19-09-2020)”

  1. What’s happening, I’m new to this. I stumbled upon this and I have discovered it absolutely
    useful and it has aided me out loads. I am hoping to give a contribution & help
    other users like it’s aided me. Great job.

  2. It’s like you read my mind! You appear to know so much
    about this, like you wrote the book in it or something.
    I think that you could do with some pics to drive the message home a little bit, but instead
    of that, this is a magnificent blog. A great read. I’ll definitely be back.
