PT-2019-19977 · Rust · Rand Core

Published: 2019-04-19 · Updated: 2021-08-25 · CVE-2020-25576

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: rand_core versions prior to 0.4.2

Description: An issue was discovered in the rand_core crate where casting of byte slices to integer slices mishandles alignment constraints, resulting in undefined behavior. The functions rand_core::BlockRng::next_u64 and rand_core::BlockRng::fill_bytes are affected.

Recommendations: For versions prior to 0.4.2, update to version 0.4.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the rand_core::BlockRng::next_u64 and rand_core::BlockRng::fill_bytes functions until the update is applied.
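
The alignment problem named in the description, as an added example (not code from rand_core or from this advisory): an unchecked byte-to-u64 cast shown beside a checked zero-copy view and a copying decode. All function names and the sample buffer are constructed for illustration.

```rust
// Added illustration; not rand_core's source. All names here are hypothetical.
use std::convert::TryInto;

/// Unsound pattern of the kind the advisory describes: a byte pointer is
/// reinterpreted as *const u64 and dereferenced. Undefined behavior whenever
/// `bytes` does not start on an 8-byte boundary. For contrast only; never called.
#[allow(dead_code)]
unsafe fn first_u64_unsound(bytes: &[u8]) -> u64 {
    *(bytes.as_ptr() as *const u64)
}

/// True if the slice starts at an address that satisfies u64 alignment.
fn is_u64_aligned(bytes: &[u8]) -> bool {
    (bytes.as_ptr() as usize) % std::mem::align_of::<u64>() == 0
}

/// Checked zero-copy view: refuses misaligned or ragged input.
fn view_as_u64s(bytes: &[u8]) -> Option<&[u64]> {
    if !is_u64_aligned(bytes) || bytes.len() % 8 != 0 {
        return None;
    }
    // SAFETY: pointer is aligned for u64, the length covers exactly len/8
    // elements, and every bit pattern is a valid u64.
    Some(unsafe { std::slice::from_raw_parts(bytes.as_ptr() as *const u64, bytes.len() / 8) })
}

/// Copying decode: no alignment requirement, so it is sound for any slice.
fn bytes_to_u64s(bytes: &[u8]) -> Vec<u64> {
    bytes.chunks_exact(8)
        .map(|c| u64::from_le_bytes(c.try_into().unwrap()))
        .collect()
}

/// Constructed sample: bytes 0..24 in a buffer forced onto an 8-byte boundary.
#[repr(align(8))]
struct Aligned([u8; 24]);

fn sample() -> Aligned {
    let mut b = Aligned([0u8; 24]);
    for (i, x) in b.0.iter_mut().enumerate() { *x = i as u8; }
    b
}

fn main() {
    let buf = sample();
    let shifted = &buf.0[1..17]; // starts 1 byte past the boundary: misaligned
    println!("aligned: {:?}", view_as_u64s(&buf.0).map(|v| v.len()));
    println!("shifted: {:?}", view_as_u64s(shifted).map(|v| v.len()));
    println!("decoded: {:x?}", bytes_to_u64s(shifted));
}
```

The copying decode is the form to prefer when the source of the bytes is not under your control; the checked view only makes sense where avoiding the copy matters.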

Fix

Incorrect Type Conversion or Cast

Weakness Enumeration

Related identifiers

CVE-2020-25576
GHSA-MMC9-PWM7-QJ5W
RUSTSEC-2019-0035

Affected products

Rand Core