RUSTSEC-2019-0035

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2019-0035

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2019-0035.json

JSON Data

https://api.osv.dev/v1/vulns/RUSTSEC-2019-0035

Aliases

Published

2019-04-19T12:00:00Z

Modified

2023-11-08T04:03:10.161773Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Unaligned memory access

Details

Affected versions of this crate violated alignment when casting byte slices to integer slices, resulting in undefined behavior.

The flaw was corrected by Ralf Jung and Diggory Hardy.

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / rand_core

Package

Name: rand_core; View open source insights on deps.dev
Purl: pkg:cargo/rand_core

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Fixed

0.3.1

Introduced

0.4.0-0

Fixed

0.4.2

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [
            "rand_core::BlockRng::fill_bytes",
            "rand_core::BlockRng::next_u64"
        ],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "informational": "unsound",
    "categories": []
}