Описание
Improper random number generation in nanorand
In versions of nanorand prior to 0.5.1, RandomGen implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an as conversion. This often manifested as RNGs returning nothing but 0, including the cryptographically secure ChaCha random number generator.
Пакеты
Наименование
nanorand
rust
Затронутые версииВерсия исправления
< 0.5.1
0.5.1
Связанные уязвимости
CVSS3: 9.8
nvd
около 5 лет назад
An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled.