- Reported
-
- Issued
-
- Package
-
nanorand
(crates.io)
- Type
-
Vulnerability
- Keywords
-
#memory-safety
#aliasing
- Details
-
https://github.com/Absolucy/nanorand-rs/issues/28
- Patched
-
- Unaffected
-
- Affected Functions
- Version
nanorand::tls::tls_rand
-
Description
TlsWyRand
's implementation of Deref
unconditionally dereferences a raw pointer, and returns
multiple mutable references to the same object, which is undefined behavior.