OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-02 06:51:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
22b59ea8a3d2f1bef099f0904eaae3c96e4773b0
advisory-db/crates/rand_core/RUSTSEC-2019-0035.md
Sergey "Shnatsel" Davidoff e084c94822 Update RUSTSEC-2019-0035.md
2021-01-20 20:52:39 +01:00

639 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2019-0035"
package = "rand_core"
aliases = ["GHSA-mmc9-pwm7-qj5w", "CVE-2020-25576"]
date = "2019-04-19"
informational = "unsound"
url = "https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06"

[affected.functions]
"rand_core::BlockRng::fill_bytes" = ["< 0.4.2"]
"rand_core::BlockRng::next_u64" = ["< 0.4.2"]

[versions]
patched = [">= 0.3.1", ">= 0.4.2"]

Unaligned memory access

Affected versions of this crate violated alignment when casting byte slices to integer slices, resulting in undefined behavior.

The flaw was corrected by Ralf Jung and Diggory Hardy.