- Reported
-
- Issued
-
- Package
-
nanorand
(crates.io)
- Type
-
Vulnerability
- Keywords
-
#memory-safety
#aliasing
- Aliases
-
- References
-
- Patched
-
- Unaffected
-
- Affected Functions
- Version
nanorand::tls::tls_rand
-
Description
TlsWyRand
's implementation of Deref
unconditionally dereferences a raw pointer, and returns
multiple mutable references to the same object, which is undefined behavior.
Advisory available under CC0-1.0
license.