CVE-2020-25576 — Incorrect Type Conversion or Cast in Project Rand

CWE-704 — Incorrect Type Conversion or Cast7 documents5 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 32.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rand Project Rand Debian Rust-rand-core Msrc Azl3 Kata-containers 3.1.3-2 ON Azure Linux 3.0 +3 more

Timeline

PublishedSep 14

Latest updateAug 25

Description

An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶debiandebian/rust-rand-core< rust-rand-core 0.5.0-1 (bookworm)

▶NVDrand_project/rand< 0.4.2

▶msrcmsrc/azure_linux_3.0_arm

▶msrcmsrc/azure_linux_3.0_x64

▶msrcmsrc/azl3_kata-containers_3.1.3-2_on_azure_linux_3.0

🔴Vulnerability Details

GHSA

Unaligned memory access in rand_core↗2021-08-25

▶

OSV

Unaligned memory access in rand_core↗2021-08-25

▶

OSV

CVE-2020-25576: An issue was discovered in the rand_core crate before 0↗2020-09-14

▶

OSV

Unaligned memory access↗2019-04-19

▶

📋Vendor Advisories

Microsoft

An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints.↗2020-09-08

▶

Debian

CVE-2020-25576: rust-rand-core - An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of...↗2020

▶