RUSTSEC-2021-0023: rand_core: Incorrect check on buffer length when seeding RNGs


Summary: rand_core::le::read_u32_into and read_u64_into have incorrect checks on the source buffer length, allowing the destination buffer to be under-filled.

Implications: some downstream RNGs, including Hc128Rng (but not the more widely used ChaCha*Rng), allow seeding through the SeedableRng::from_seed trait function with keys that are too short.
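The following is an added illustration, not code from rand_core or from this advisory: it shows how a misplaced length check in a little-endian word reader leaves a key buffer under-filled, next to a corrected check. The function names, the `ShortSeed` type, the exact form of the flawed comparison, and the 8-word key size are assumptions made for the example.

```rust
/// Hypothetical error type: the seed cannot fill every destination word.
#[derive(Debug, PartialEq)]
struct ShortSeed { need: usize, got: usize }

/// Flawed check (assumed form): the factor 4 sits on the wrong side, so any
/// source holding at least dst.len() / 4 bytes is accepted.
fn read_u32_into_flawed(src: &[u8], dst: &mut [u32]) {
    assert!(4 * src.len() >= dst.len());
    // zip() stops at the shorter iterator, so the tail of dst keeps its old value.
    for (out, c) in dst.iter_mut().zip(src.chunks_exact(4)) {
        *out = u32::from_le_bytes([c[0], c[1], c[2], c[3]]);
    }
}

/// Corrected check: require 4 source bytes for every destination word.
fn read_u32_into_checked(src: &[u8], dst: &mut [u32]) -> Result<(), ShortSeed> {
    let need = 4 * dst.len();
    if src.len() < need {
        return Err(ShortSeed { need, got: src.len() });
    }
    for (out, c) in dst.iter_mut().zip(src.chunks_exact(4)) {
        *out = u32::from_le_bytes([c[0], c[1], c[2], c[3]]);
    }
    Ok(())
}

/// Seeds an 8-word key state (size constructed for this example) with the
/// flawed reader and returns how many words stayed at their initial zero.
fn unfilled_words(seed: &[u8]) -> usize {
    let mut key = [0u32; 8];
    read_u32_into_flawed(seed, &mut key);
    key.iter().filter(|w| **w == 0).count()
}

fn main() {
    let short = [0xAAu8; 4]; // constructed 4-byte seed
    let full = [0xAAu8; 32]; // constructed full-length seed
    println!("flawed, 4-byte seed: {} of 8 words unfilled", unfilled_words(&short));
    println!("flawed, 32-byte seed: {} of 8 words unfilled", unfilled_words(&full));
    let mut key = [0u32; 8];
    println!("checked, 4-byte seed: {:?}", read_u32_into_checked(&short, &mut key));
}
```

A regression test for a seeding path can use the same idea: pass a deliberately short seed and require an error or panic, not a partially initialised state.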

More Info

Patched Versions

Unaffected Versions