RUSTSEC-2019-0035
Unaligned memory access
- Reported
- Issued
- Package: rand_core (crates.io)
- Type: INFO Unsound
- Aliases
- References
- CVSS Score: 9.8 CRITICAL
- CVSS Details
  - Attack vector: Network
  - Attack complexity: Low
  - Privileges required: None
  - User interaction: None
  - Scope: Unchanged
  - Confidentiality: High
  - Integrity: High
  - Availability: High
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Patched
  - ^0.3.1
  - >=0.4.2
- Affected Functions (Version)
  - rand_core::BlockRng::fill_bytes: <0.4.2
  - rand_core::BlockRng::next_u64: <0.4.2
Description
Affected versions of this crate violated alignment when casting byte slices to integer slices, resulting in undefined behavior.
The flaw was corrected by Ralf Jung and Diggory Hardy.
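The class of bug described above, shown as an added illustration; this is not rand_core's code. The function names and the `Aligned` sample buffer are hypothetical, constructed to contrast an unchecked byte-to-integer slice cast with two sound alternatives.

```rust
use std::mem::align_of;

// Constructed sample buffer: forced 4-byte alignment so offsets are predictable.
#[repr(align(4))]
struct Aligned([u8; 9]);

/// Unsound pattern (for contrast, never called): the pointer cast assumes
/// `bytes` is aligned for u32, which a byte slice does not guarantee.
#[allow(dead_code)]
unsafe fn cast_unchecked(bytes: &[u8]) -> &[u32] {
    unsafe { std::slice::from_raw_parts(bytes.as_ptr() as *const u32, bytes.len() / 4) }
}

/// Checked reinterpretation: refuses misaligned or ragged input.
fn cast_checked(bytes: &[u8]) -> Option<&[u32]> {
    let aligned = bytes.as_ptr() as usize % align_of::<u32>() == 0;
    if !aligned || bytes.len() % 4 != 0 {
        return None;
    }
    // SAFETY: alignment and length were just verified; every bit pattern is a valid u32.
    Some(unsafe { std::slice::from_raw_parts(bytes.as_ptr() as *const u32, bytes.len() / 4) })
}

/// Copying decode: no unsafe, correct at any alignment, fixed byte order.
fn decode_le(bytes: &[u8]) -> Vec<u32> {
    bytes
        .chunks_exact(4)
        .map(|c| u32::from_le_bytes([c[0], c[1], c[2], c[3]]))
        .collect()
}

fn main() {
    let buf = Aligned([1, 0, 0, 0, 2, 0, 0, 0, 3]);
    println!("aligned view:    {:?}", cast_checked(&buf.0[..8]).map(|s| s.len()));
    println!("misaligned view: {:?}", cast_checked(&buf.0[1..9]));
    println!("copied anyway:   {:x?}", decode_le(&buf.0[1..9]));
}
```

Running code that performs such casts under Miri (`cargo miri test`) reports misaligned references, which makes it a practical check for this class of unsoundness.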
Advisory available under CC0-1.0 license.