CVE-2021-27378

CRITICAL

Rust rand_core <0.6.2 - Info Disclosure

Title source: llm

Description

An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data.

References (1)

[Third Party Advisory] https://rustsec.org/advisories/RUSTSEC-2021-0023.html

Scores

CVSS v3 9.8

EPSS 0.0047

EPSS Percentile 64.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-131

Status published

Products (2)

crates.io/rand_core 0.6.0 - 0.6.2crates.io

rand_core_project/rand_core 0.6.0 - 0.6.2

Published Feb 18, 2021

Tracked Since Feb 18, 2026