CVE-2021-45705 nanorand

Package

Manager: cargo
Name: nanorand
Vulnerable Version: >=0.5.0 <0.6.1

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00433 (percentile: 0.61951)

Details

Pointer dereference in nanorand

An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer.

Metadata

Created: 2022-01-06T22:08:56Z
Modified: 2022-01-07T18:29:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-r57r-j98g-587f/GHSA-r57r-j98g-587f.json
CWE IDs: []
Alternative ID: GHSA-r57r-j98g-587f
Finding: F004
Auto approve: 1