Lucene search
GoogleOSV:RUSTSEC-2021-0023HistoryFeb 12, 2021 - 12:00 p.m.
Incorrect check on buffer length when seeding RNGs
2021-02-1212:00:00
Google
osv.dev
6
0.002 Low
EPSS
Percentile
60.7%
Summary: rand_core::le::read_u32_into and read_u64_into have incorrect checks on the source buffer length, allowing the destination buffer to be under-filled.
Implications: some downstream RNGs, including Hc128Rng (but not the more widely used ChaCha*Rng), allow seeding using the SeedableRng::from_seed trait-function with too short keys.
Related
cvelist
cvelist
CVE-2021-27378
2021-02-18 03:35:07
osv
osv
Incorrect check on buffer length in rand_core
2021-08-25 20:52:16
CVE-2021-27378
2021-02-18 04:15:11
cve
cve
CVE-2021-27378
2021-02-18 04:15:11
rustsec
rustsec
Incorrect check on buffer length when seeding RNGs
2021-02-12 12:00:00
github
github
Incorrect check on buffer length in rand_core
2021-08-25 20:52:16
debiancve
debiancve
CVE-2021-27378
2021-02-18 04:15:11
cbl_mariner
cbl_mariner
CVE-2021-27378 affecting package librsvg2 for versions less than 2.58.1-1
2024-06-21 09:32:44
prion
prion
Buffer overflow
2021-02-18 04:15:00
nvd
nvd
CVE-2021-27378
2021-02-18 04:15:11
ubuntucve
ubuntucve
CVE-2021-27378
2021-02-18 00:00:00