CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/22 3:32 p.m.•9 views

CVE-2020-35926

An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator even ChaCha to return all zeroes because integer truncation was mishandled...

9.8CVSS6.8AI score0.00433EPSS

vulnersOsv•added 2022/06/17 12:13 a.m.•0 views

boringdb (>=0.2.0 <=0.3.10), bp7 (>=0.7.0 <=0.8.1) +19 more potentially affected by CVE-2021-45705 via nanorand (=0.5.2)

nanorand CARGO version =0.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on nanorand and may be impacted: - boringdb =0.2.0, =0.7.0, =0.13.0, =0.4.0, =0.10.0, =0.3.0, =0.3.14, =0.4.2, =0.4.1, =0.6.1, =0.1.0, =0.1.7, =0.2.1 and more Source cves:...

OSV•added 2022/01/06 10:8 p.m.•26 views

GHSA-R57R-J98G-587F Pointer dereference in nanorand

9.8CVSS9.3AI score0.00433EPSS

Exploits0References5

vulnersOsv•added 2022/01/06 10:8 p.m.•1 views

boringdb (>=0.2.0 <=0.3.10), bp7 (>=0.7.0 <=0.8.1) +19 more potentially affected by CVE-2021-45705 via nanorand (=0.5.2)

CNVD•added 2021/12/28 12:0 a.m.•15 views

Mozilla Rust has an unspecified vulnerability (CNVD-2022-03125)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. a security vulnerability exists in versions of Rust nanorand crate prior to 0.6.1, which stems from the fact that the same object can have multiple mutable references. No details of the vulnerability are current...

9.8CVSS3.4AI score0.00433EPSS

Exploits0References1

OSV•added 2021/12/27 12:15 a.m.•1 views

CVE-2021-45705

9.8CVSS7.3AI score

NVD•added 2021/12/27 12:15 a.m.•9 views

CVE-2021-45705

9.8CVSS0.00433EPSS

Prion•added 2021/12/27 12:15 a.m.•10 views

Null pointer dereference

7.5CVSS9.3AI score0.00433EPSS

Exploits0References2Affected Software1

CNNVD•added 2021/12/27 12:0 a.m.•1 views

Rust 安全漏洞

9.8CVSS5.6AI score0.00433EPSS

CVE•added 2021/12/26 9:48 p.m.•51 views

CVE-2021-45705

The CVE-2021-45705 entry affects the Rust nanorand crate, specifically versions before 0.6.1. The root cause is that the TlsWyRand Deref implementation dereferences a raw pointer, which can yield multiple mutable references to the same object and results in undefined behavior. Impact described in...

9.8CVSS9.2AI score0.00433EPSS

Exploits0References2Affected Software1

Cvelist•added 2021/12/26 9:48 p.m.•8 views

CVE-2021-45705

9.6AI score0.00433EPSS

vulnersOsv•added 2021/09/23 12:0 p.m.•1 views

boringdb (>=0.2.0 <=0.3.10), bp7 (>=0.7.0 <=0.8.1) +19 more potentially affected by CVE-2021-45705 via nanorand (=0.5.2)

Github Security Blog•added 2021/08/25 8:50 p.m.•22 views

Improper random number generation in nanorand

In versions of nanorand prior to 0.5.1, RandomGen implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an as conversion. This often manifested as RNGs returning nothing but 0, including the...

9.8CVSS8.9AI score0.00433EPSS

Exploits0References5Affected Software1

OSV•added 2021/08/25 8:50 p.m.•24 views

GHSA-M9M5-CG5H-R582 Improper random number generation in nanorand

5.1CVSS9.4AI score0.00433EPSS

Exploits0References5

vulnersOsv•added 2021/08/25 8:50 p.m.•1 views

async-metronome (=0.2.0), bach (>=0.0.1 <=0.0.2) +18 more potentially affected by CVE-2020-35926 via nanorand (=0.4.4)

nanorand CARGO version =0.4.4 is affected by a known vulnerability. The following packages have a transitive dependency on nanorand and may be impacted: - async-metronome =0.2.0 - bach =0.0.1, =0.8.6, =0.1.0, =0.1.0, =0.4.3, =0.1.0, =0.0.1, =0.1.3, =0.1.4 - rune-cli =0.7.0 and more Source cves:...