Vulnerability Details CVE-2021-27378
An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2021-27378
-
cpe:2.3:a:rand_core_project:rand_core:0.6.0
-
cpe:2.3:a:rand_core_project:rand_core:0.6.1