Skip to content

Unaligned memory access

Low
vks published GHSA-mmc9-pwm7-qj5w Aug 1, 2020

Package

rand_core (crates.io)

Affected versions

< 0.4.2

Patched versions

>= 0.4.2

Description

Impact

Affected versions of this crate violated alignment when casting byte slices to integer slices, resulting in undefined behavior. rand_core::BlockRng::next_u64 and rand_core::BlockRng::fill_bytes are affected.

Patches

The flaw was corrected by Ralf Jung and Diggory Hardy for rand_core >= 0.4.2.

Workarounds

None.

References

See Rand's changelog.

For more information

If you have any questions or comments about this advisory, open an issue in the Rand repository.

Severity

Low

CVE ID

No known CVE

Weaknesses

No CWEs