14 matches found
boringdb (>=0.2.0 <=0.3.10), bp7 (>=0.7.0 <=0.8.1) +19 more potentially affected by CVE-2021-45705 via nanorand (=0.5.2)
nanorand CARGO version =0.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on nanorand and may be impacted: - boringdb =0.2.0, =0.7.0, =0.13.0, =0.4.0, =0.10.0, =0.3.0, =0.3.14, =0.4.2, =0.4.1, =0.6.1, =0.1.0, =0.1.7, =0.2.1 and more Source cves:...
GHSA-R57R-J98G-587F Pointer dereference in nanorand
An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer...
boringdb (>=0.2.0 <=0.3.10), bp7 (>=0.7.0 <=0.8.1) +19 more potentially affected by CVE-2021-45705 via nanorand (=0.5.2)
nanorand CARGO version =0.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on nanorand and may be impacted: - boringdb =0.2.0, =0.7.0, =0.13.0, =0.4.0, =0.10.0, =0.3.0, =0.3.14, =0.4.2, =0.4.1, =0.6.1, =0.1.0, =0.1.7, =0.2.1 and more Source cves:...
Mozilla Rust has an unspecified vulnerability (CNVD-2022-03125)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in versions of the Rust nanorand crate prior to 0.6.1, which stems from the fact that the same object can have multiple mutable references. No details of the vulnerability are current...
CVE-2021-45705
An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer...
CVE-2021-45705
The CVE-2021-45705 entry affects the Rust nanorand crate, specifically versions before 0.6.1. The root cause is that the TlsWyRand Deref implementation dereferences a raw pointer, which can yield multiple mutable references to the same object and results in undefined behavior. Impact described in...
boringdb (>=0.2.0 <=0.3.10), bp7 (>=0.7.0 <=0.8.1) +19 more potentially affected by CVE-2021-45705 via nanorand (=0.5.2)
nanorand CARGO version =0.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on nanorand and may be impacted: - boringdb =0.2.0, =0.7.0, =0.13.0, =0.4.0, =0.10.0, =0.3.0, =0.3.14, =0.4.2, =0.4.1, =0.6.1, =0.1.0, =0.1.7, =0.2.1 and more Source cves:...
Improper random number generation in nanorand
In versions of nanorand prior to 0.5.1, RandomGen implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an as conversion. This often manifested as RNGs returning nothing but 0, including the...
GHSA-M9M5-CG5H-R582 Improper random number generation in nanorand
In versions of nanorand prior to 0.5.1, RandomGen implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an as conversion. This often manifested as RNGs returning nothing but 0, including the...
CVE-2020-35926
An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator, even ChaCha, to return all zeroes because integer truncation was mishandled...
CVE-2020-35926
CVE-2020-35926 concerns the nanorand crate for Rust prior to 0.5.1, where random number generators (including ChaCha) could return all zeroes due to integer truncation. This affects RNG implementations for standard unsigned integers and arises from using bit-shifting instead of a direct cast, per...
Rust Security Feature Issue Vulnerabilities
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the nanorand crate before 0.5.1 for Rust that stems from any random number generator, even ChaCha, returning all zeros due to improper handling of integer truncation...
nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers
In versions of nanorand prior to 0.5.1, RandomGen implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an as conversion. This often manifested as RNGs returning nothing but 0, including the...
RUSTSEC-2020-0089 nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers
In versions of nanorand prior to 0.5.1, RandomGen implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an as conversion. This often manifested as RNGs returning nothing but 0, including the...