In versions of nanorand prior to 0.5.1, RandomGen implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an as conversion. This often manifested as RNGs returning nothing but 0, including the cryptographically secure ChaCha random number generator.
{ "nvd_published_at": null, "cwe_ids": [ "CWE-338" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-08-19T18:55:41Z" }