HistoryEditJSON (OSV)

RUSTSEC-2021-0114

Aliased mutable references from tls_rand & TlsWyRand

Reported
Issued
Package
nanorand (crates.io)
Type
Vulnerability
Keywords
#memory-safety #aliasing
Aliases
References
Patched
  • >=0.6.1
Unaffected
  • <0.5.0
Affected Functions
Version
nanorand::tls::tls_rand
  • >=0.5.0
  • <=0.6.0

Description

TlsWyRand's implementation of Deref unconditionally dereferences a raw pointer, and returns multiple mutable references to the same object, which is undefined behavior.

Advisory available under CC0-1.0 license.