1. Ubuntu Security Notices
  2. USN-8118-1

USN-8118-1: sized-chunks vulnerabilities

Publication date

23 March 2026

Overview

Several security issues were fixed in sized-chunks.

Releases

Packages

Details

Yechan Bae discovered that sized-chunks did not properly validate array
size when constructing Chunk. An attacker could possibly use these
issues to cause out-of-bounds access, leading to memory corruption or
undefined behavior. (CVE-2020-25791, CVE-2020-25792, CVE-2020-25793)

Yechan Bae discovered that sized-chunks had a memory safety issue in the
clone implementation when a panic occurs. An attacker could possibly use
this issue to cause improper memory handling, leading to memory
corruption or a denial of service. (CVE-2020-25794)

Yechan Bae discovered that sized-chunks could create unaligned
references in the InlineArray implementation for types with strict
alignment requirements. An attacker could possibly use this issue to
cause undefined behavior, leading to memory...

Yechan Bae discovered that sized-chunks did not properly validate array
size when constructing Chunk. An attacker could possibly use these
issues to cause out-of-bounds access, leading to memory corruption or
undefined behavior. (CVE-2020-25791, CVE-2020-25792, CVE-2020-25793)

Yechan Bae discovered that sized-chunks had a memory safety issue in the
clone implementation when a panic occurs. An attacker could possibly use
this issue to cause improper memory handling, leading to memory
corruption or a denial of service. (CVE-2020-25794)

Yechan Bae discovered that sized-chunks could create unaligned
references in the InlineArray implementation for types with strict
alignment requirements. An attacker could possibly use this issue to
cause undefined behavior, leading to memory corruption or a denial of
service. (CVE-2020-25796)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
20.04 LTS focal librust-sized-chunks-dev –  0.3.1-1ubuntu0.1~esm1  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›