OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-01-07 04:01:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
d8701fad2d40aeca8e8564692f14a8d7c30a5136
advisory-db/crates/rand_core/RUSTSEC-2019-0035.md
Sergey "Shnatsel" Davidoff 40afced5fb Remove range overlaps, fix some range specifications (#930) 
* Drop some clearly redundant bounds

* Fix RUSTSEC-2020-0091 - the version specification was incorrect, marking 1.0.0 as fixed while in reality it was not

* Fix RUSTSEC-2018-0004: presumably any updates to 0.3.x series would also get the fix, it would not be isolated to 0.3.2

* Fix incorrectly defined, overlapping ranges in RUSTSEC-2020-0080 and RUSTSEC-2019-0035
2021-06-04 23:26:23 +02:00

638 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2019-0035"
package = "rand_core"
aliases = ["GHSA-mmc9-pwm7-qj5w", "CVE-2020-25576"]
date = "2019-04-19"
informational = "unsound"
url = "https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06"

[affected.functions]
"rand_core::BlockRng::fill_bytes" = ["< 0.4.2"]
"rand_core::BlockRng::next_u64" = ["< 0.4.2"]

[versions]
patched = ["^ 0.3.1", ">= 0.4.2"]

Unaligned memory access

Affected versions of this crate violated alignment when casting byte slices to integer slices, resulting in undefined behavior.

The flaw was corrected by Ralf Jung and Diggory Hardy.