rand_core

crates.io2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting rand_corepage 1 of 1

CVE-2020-25576CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.4.2
2020-09-14
An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints.
CVE-2021-27378CRITICALCVSS 9.8EG 9.8✓ Fixed in 0.6.2
2021-02-18
An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data.

Check whether rand_core is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for rand_core CVEs against the assets you own.

Start Free Scan →