Description
An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints.
Scores
CVSS v3
9.8
EPSS
0.0054
EPSS Percentile
67.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-704
Status
published
Products (2)
crates.io/rand_core
0.4.0 - 0.4.2crates.io
rand_project/rand
< 0.4.2
Published
Sep 14, 2020
Tracked Since
Feb 18, 2026