
Aliased mutable references from `tls_rand` & `TlsWyRand`

Moderate severity • GitHub Reviewed • Published Jun 17, 2022 to the GitHub Advisory Database • Updated Jun 13, 2023

Package

cargo nanorand (Rust)

Affected versions

>= 0.5.0, < 0.6.1

Patched versions

0.6.1

Description

`TlsWyRand`'s implementation of `Deref` unconditionally dereferences a raw pointer, and returns
multiple mutable references to the same object, which is undefined behavior.
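
For contrast with the pattern described above, this added example (not nanorand's code and not its 0.6.1 fix) shows one sound way to expose a thread-local generator: the `&mut` is scoped to a closure and `RefCell` refuses a second mutable borrow. `Gen`, `TLS_GEN`, `with_tls_gen` and `second_borrow_is_refused` are hypothetical names, and `Gen` is a plain LCG stand-in rather than WyRand.

```rust
use std::cell::RefCell;

// Hypothetical stand-in generator (a simple LCG), not nanorand's WyRand.
pub struct Gen(u64);

impl Gen {
    pub fn next_u64(&mut self) -> u64 {
        self.0 = self
            .0
            .wrapping_mul(6364136223846793005)
            .wrapping_add(1442695040888963407);
        self.0
    }
}

thread_local! {
    // A handle that stores `*mut Gen` and dereferences it unconditionally lets
    // two handles yield two live `&mut Gen`. RefCell tracks borrows at run
    // time instead, so that second reference can never be created.
    static TLS_GEN: RefCell<Gen> = RefCell::new(Gen(42)); // constructed seed
}

/// Sound access: the `&mut Gen` lives only for the duration of the closure.
/// A re-entrant call from inside `f` panics instead of aliasing.
pub fn with_tls_gen<R>(f: impl FnOnce(&mut Gen) -> R) -> R {
    TLS_GEN.with(|cell| f(&mut *cell.borrow_mut()))
}

/// While one mutable borrow is held, a request for a second one is refused
/// with an error rather than handed out.
pub fn second_borrow_is_refused() -> bool {
    TLS_GEN.with(|cell| {
        let _first = cell.borrow_mut();
        cell.try_borrow_mut().is_err()
    })
}

fn main() {
    let a = with_tls_gen(|g| g.next_u64());
    let b = with_tls_gen(|g| g.next_u64());
    println!("{} {} refused={}", a, b, second_borrow_is_refused());
}
```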

References

Published to the GitHub Advisory Database Jun 17, 2022
Reviewed Jun 17, 2022
Last updated Jun 13, 2023

Severity

Moderate

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-p6gj-gpc8-f8xw

Source code
