crates.io package
nanorand
pkg:cargo/nanorand
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-45705 | — | >= 0.5.0, < 0.6.1 | 0.6.1 | Dec 26, 2021 | An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer. | ||
| CVE-2020-35926 | — | < 0.5.1 | 0.5.1 | Dec 31, 2020 | An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled. |
- CVE-2021-45705Dec 26, 2021affected >= 0.5.0, < 0.6.1fixed 0.6.1
An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer.
- CVE-2020-35926Dec 31, 2020affected < 0.5.1fixed 0.5.1
An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled.