Summary: randcore::le::readu32into and readu64_into have incorrect checks on the source buffer length, allowing the destination buffer to be under-filled.
Implications: some downstream RNGs, including Hc128Rng (but not the more widely used ChaCha*Rng), allow seeding using the SeedableRng::from_seed trait-function with too short keys.
{ "license": "CC0-1.0" }