CVE-2020-35926

CRITICAL

nanorand <0.5.1 - Info Disclosure

Title source: llm

Description

An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled.

References (1)

[Third Party Advisory] https://rustsec.org/advisories/RUSTSEC-2020-0089.html

Scores

CVSS v3 9.8

EPSS 0.0043

EPSS Percentile 62.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-681 CWE-330

Status published

Products (2)

crates.io/nanorand 0 - 0.5.1crates.io

nanorand_project/nanorand < 0.5.1

Published Dec 31, 2020

Tracked Since Feb 18, 2026