CVE-2021-27378

Name of the Vulnerable Software and Affected Versions rand core crate versions prior to 0.6.2

Description An issue was discovered in the rand core crate where the functions read u32 into and read u64 into mishandle certain buffer-length checks. This can cause a random number generator to be seeded with too little data, potentially leading to issues with downstream RNGs, including some that allow seeding with too short keys.

Recommendations For versions prior to 0.6.2, update to version 0.6.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the read u32 into and read u64 into functions until a patch is available. Avoid using these functions to seed random number generators with potentially insufficient data.