Deps.rs

cid_fork_rlay 0.3.1

[![dependency status](https://deps.rs/crate/cid_fork_rlay/0.3.1/status.svg)](https://deps.rs/crate/cid_fork_rlay/0.3.1)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate cid_fork_rlay

Dependencies

(3 total, 3 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 integer-encoding~1.0.34.0.0out of date
 multibase~0.6.00.9.1out of date
 multihash ⚠️~0.8.00.19.1out of date

Security Vulnerabilities

multihash: Unexpected panic in multihash `from_slice` parsing code

RUSTSEC-2020-0068

In versions prior 0.11.3 it's possible to make from_slice panic by feeding it certain malformed input. It's never documented that from_slice (and from_bytes which wraps it) can panic, and its' return type (Result<Self, DecodeError>) suggests otherwise.

In practice, from_slice/from_bytes is frequently used in networking code (for example in rust-libp2p) and is being called with unsanitized data from untrusted sources. This can allow attackers to cause DoS by causing an unexpected panic in the network client's code.