HistoryEdit

RUSTSEC-2021-0114

Aliased mutable references from tls_rand & TlsWyRand

Reported
Issued
Package
nanorand (crates.io)
Type
Vulnerability
Keywords
#memory-safety #aliasing
Details
https://github.com/Absolucy/nanorand-rs/issues/28
Patched
  • >=0.6.1
Unaffected
  • <0.5.0
Affected Functions
Version
nanorand::tls::tls_rand
  • >=0.5.0
  • <=0.6.0

Description

TlsWyRand's implementation of Deref unconditionally dereferences a raw pointer, and returns multiple mutable references to the same object, which is undefined behavior.