{"id":"RUSTSEC-2020-0089","summary":"nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers","details":"In versions of `nanorand` prior to 0.5.1, `RandomGen` implementations for standard unsigned integers could\nfail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just\nan `as` conversion.\n\nThis often manifested as RNGs returning nothing but 0, including the cryptographically secure `ChaCha` random\nnumber generator..","aliases":["CVE-2020-35926","GHSA-m9m5-cg5h-r582"],"modified":"2023-11-08T04:03:39.769670Z","published":"2020-12-09T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/nanorand"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2020-0089.html"},{"type":"WEB","url":"https://twitter.com/aspenluxxxy/status/1336684692284772352"}],"affected":[{"package":{"name":"nanorand","ecosystem":"crates.io","purl":"pkg:cargo/nanorand"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.5.1"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"arch":[],"os":[],"functions":[]}},"database_specific":{"informational":null,"categories":["crypto-failure"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2020-0089.json","cvss":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}