CVE-2020-35926

Critical

An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all…

mitre·CWE-330·Published 2020-12-31

CVSS

9.8

EPSS

0.02

KEV

Exploits

cve.orgen

184 chars

An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled.

NVDen

184 chars

An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled.

In versions of `nanorand` prior to 0.5.1, `RandomGen` implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an `as` conversion. This often manifested as RNGs returning nothing but 0, including the cryptographically secure `ChaCha` random number generator..

GHSAen

353 chars

In versions of nanorand prior to 0.5.1, RandomGen implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an as conversion. This often manifested as RNGs returning nothing but 0, including the cryptographically secure ChaCha random number generator.

NVDes

246 chars

Se detectó un problema en la crate nanorand versiones anteriores a 0.5.1 para Rust. Causó que cualquier generador de números aleatorios (incluso ChaCha) devolviera todos los ceros porque el truncamiento de enteros se manejó inapropiadamente.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	GHSA	5.1	—	—	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N