OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-22 03:18:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

rand_core: incorrect check on buffer length when seeding RNGs (#764)

Browse Source
This commit is contained in:
Diggory Hardy
2021-02-15 15:31:38 +00:00
committed by GitHub
parent cb9432ef2a
commit 221ec336f9
1 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
crates/rand_core/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,24 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "rand_core"
date = "2021-02-12"
url = "https://github.com/rust-random/rand/pull/1096"
categories = ["crypto-failure"]
keywords = []
# Optional: metadata which narrows the scope of what this advisory affects
[affected.functions]
"rand_core::le::read_u32_into" = ["< 0.6.2, >= 0.6.0"]
"rand_core::le::read_u64_into" = ["< 0.6.2, >= 0.6.0"]
[versions]
patched = [">= 0.6.2"]
unaffected = ["< 0.6.0"]
```
# Incorrect check on buffer length when seeding RNGs
Summary: rand_core::le::read_u32_into and read_u64_into have incorrect checks on the source buffer length, allowing the destination buffer to be under-filled.
Implications: some downstream RNGs, including Hc128Rng (but not the more widely used ChaCha*Rng), allow seeding using the SeedableRng::from_seed trait-function with too short keys.