Lucene search
+L

4 matches found

vulnersOsv
vulnersOsv
added 2021/08/25 8:50 p.m.3 views

async-metronome (=0.2.0), bach (>=0.0.1 <=0.0.2) +18 more potentially affected by CVE-2020-35926 via nanorand (=0.4.4)

nanorand CARGO version =0.4.4 is affected by a known vulnerability. The following packages have a transitive dependency on nanorand and may be impacted: - async-metronome =0.2.0 - bach =0.0.1, =0.8.6, =0.1.0, =0.1.0, =0.4.3, =0.1.0, =0.0.1, =0.1.3, =0.1.4 - rune-cli =0.7.0 and more Source cves:...

9.8CVSS7.2AI score0.01515EPSS
Exploits0
NVD
NVD
added 2020/12/31 9:15 a.m.62 views

CVE-2020-35926

An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator even ChaCha to return all zeroes because integer truncation was mishandled...

9.8CVSS9.4AI score0.01515EPSS
Exploits0References1
CVE
CVE
added 2020/12/31 8:16 a.m.58 views

CVE-2020-35926

CVE-2020-35926 concerns the nanorand crate for Rust prior to 0.5.1, where random number generators (including ChaCha) could return all zeroes due to integer truncation. This affects RNG implementations for standard unsigned integers and arises from using bit-shifting instead of a direct cast, per...

9.8CVSS9.3AI score0.01515EPSS
Exploits0References1Affected Software1
vulnersOsv
vulnersOsv
added 2020/12/09 12:0 p.m.5 views

async-metronome (=0.2.0), bach (>=0.0.1 <=0.0.2) +18 more potentially affected by CVE-2020-35926 via nanorand (=0.4.4)

nanorand CARGO version =0.4.4 is affected by a known vulnerability. The following packages have a transitive dependency on nanorand and may be impacted: - async-metronome =0.2.0 - bach =0.0.1, =0.8.6, =0.1.0, =0.1.0, =0.4.3, =0.1.0, =0.0.1, =0.1.3, =0.1.4 - rune-cli =0.7.0 and more Source cves:...

9.8CVSS7.2AI score0.01515EPSS
Exploits0
Rows per page
Query Builder