OSV:GHSA-M9M5-CG5H-R582 (osv, Google)
History: Aug 25, 2021 - 8:50 p.m.

Improper random number generation in nanorand

2021-08-25 20:50:24
Google
osv.dev

EPSS: 0.002 (percentile: 60.7%)

In versions of nanorand prior to 0.5.1, `RandomGen` implementations for the standard unsigned integer types could fail to generate numbers properly, because they truncated a 64-bit number with bit-shifting rather than a plain `as` conversion. This often manifested as RNGs returning nothing but 0, including the cryptographically secure ChaCha random number generator.
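The failure class described above, as an added illustration that is not nanorand's code: a shift-based truncation is compared with an `as` conversion, and a distinct-value count serves as the regression check that exposes a constant output. The `SplitMix64` stand-in generator, the function names and the specific wrong shift are assumptions made for the example.

```rust
/// Constructed stand-in for a 64-bit generator (SplitMix64); not nanorand's RNG.
struct SplitMix64(u64);

impl SplitMix64 {
    fn next_u64(&mut self) -> u64 {
        self.0 = self.0.wrapping_add(0x9E37_79B9_7F4A_7C15);
        let mut z = self.0;
        z = (z ^ (z >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
        z = (z ^ (z >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
        z ^ (z >> 31)
    }
}

/// Assumed defect for illustration: truncating via a shift in the wrong
/// direction. The low 8 bits of `wide << 8` are always zero, so the
/// result is 0 for every input.
fn truncate_shift_u8(wide: u64) -> u8 {
    (wide << 8) as u8
}

/// Plain `as` conversion: keeps the low 8 bits of the 64-bit value.
fn truncate_as_u8(wide: u64) -> u8 {
    wide as u8
}

/// Regression check: draw `n` values through `f` from a fixed seed and
/// count how many distinct bytes appear. A healthy u8 path approaches 256.
fn distinct_outputs(n: usize, f: fn(u64) -> u8) -> usize {
    let mut rng = SplitMix64(0x1234_5678);
    let mut seen = [false; 256];
    for _ in 0..n {
        seen[f(rng.next_u64()) as usize] = true;
    }
    seen.iter().filter(|&&s| s).count()
}

fn main() {
    println!("shift: {} distinct", distinct_outputs(4096, truncate_shift_u8));
    println!("as:    {} distinct", distinct_outputs(4096, truncate_as_u8));
}
```

A check of this kind belongs in the test suite of any code that narrows RNG output, since an all-zero stream is otherwise silent: the generator still returns values of the right type.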
