Undefined behavior in Rand (#149)

Co-authored-by: Ralf Jung <post@ralfj.de> Co-authored-by: Tony Arcieri <bascule@gmail.com>
rustsec · Jul 24, 2020 · 6d23861 · 6d23861
1 parent ce0b602
commit 6d23861
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/crates/rand_core/RUSTSEC-0000-0000.toml b/crates/rand_core/RUSTSEC-0000-0000.toml
@@ -0,0 +1,20 @@
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "rand_core"
+date = "2019-04-19"
+informational = "unsound"
+title = "Unaligned memory access"
+description = """
+Affected versions of this crate violated alignment when casting byte slices to
+integer slices, resulting in undefined behavior.
+
+The flaw was corrected by Ralf Jung and Diggory Hardy.
+"""
+url = "https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06"
+
+[affected.functions]
+"rand_core::BlockRng::next_u64" = ["< 0.4.2"]
+"rand_core::BlockRng::fill_bytes" = ["< 0.4.2"]
+
+[versions]
+patched = [">= 0.4.2"]