RUSTSEC-2021-0023
Incorrect check on buffer length when seeding RNGs
- Reported
- Issued
- Package
- rand_core (crates.io)
- Type
- Vulnerability
- Categories
- Aliases
- References
- CVSS Score
- 9.8 CRITICAL
- CVSS Details
-
- Attack vector
- Network
- Attack complexity
- Low
- Privileges required
- None
- User interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
- CVSS Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Patched
-
>=0.6.2
- Unaffected
-
<0.6.0
- Affected Functions
- Version
rand_core::le::read_u32_into
-
<0.6.2, >=0.6.0
rand_core::le::read_u64_into
-
<0.6.2, >=0.6.0
Description
Summary: rand_core::le::read_u32_into and read_u64_into have incorrect checks on the source buffer length, allowing the destination buffer to be under-filled.
Implications: some downstream RNGs, including Hc128Rng (but not the more widely used ChaCha*Rng), allow seeding using the SeedableRng::from_seed trait-function with too short keys.
Advisory available under CC0-1.0 license.