argminmax 0.6.2
This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
argminmax
(5 total, 1 outdated, 2 possibly insecure)
Crate | Required | Latest | Status |
---|---|---|---|
arrow ⚠️ | >0 | 53.2.0 | maybe insecure |
arrow2 ⚠️ | >0.0 | 0.18.0 | maybe insecure |
half | ^2.3.1 | 2.4.1 | up to date |
ndarray | ^0.15.6 | 0.16.1 | out of date |
num-traits | ^0.2 | 0.2.19 | up to date |
(5 total, 2 outdated)
Crate | Required | Latest | Status |
---|---|---|---|
codspeed-criterion-compat | ^2.3.3 | 2.7.2 | up to date |
criterion | ^0.5.1 | 0.5.1 | up to date |
rand | ^0.8.5 | 0.8.5 | up to date |
rstest | ^0.18.2 | 0.23.0 | out of date |
rstest_reuse | ^0.6 | 0.7.0 | out of date |
arrow: `BinaryArray` does not perform bound checks on reading values and offsets
`BinaryArray` performs insufficient validation on creation, which allows out-of-bounds reads in safe code.
arrow: `DecimalArray` does not perform bound checks on accessing values and offsets
`DecimalArray` performs insufficient bounds checks, which allows out-of-bounds reads in safe code if the length of the backing buffer is not a multiple of 16.
arrow: `FixedSizeBinaryArray` does not perform bound checks on accessing values and offsets
`FixedSizeBinaryArray` performs insufficient bounds checks, which allows out-of-bounds reads in safe code.
arrow2: Arrow2 allows double free in `safe` code
The struct `Ffi_ArrowArray` implements `#derive(Clone)` that is inconsistent with its custom implementation of `Drop`, resulting in a double free when cloned.
Cloning this struct in `safe` results in a segmentation fault, which is unsound.
This derive was removed from this struct. All users are advised to either:
`v0.7,v0.8,v0.9`), or
`<0.7`).
Doing so eliminates this vulnerability (code no longer compiles).