Deps.rs

cursive 0.9.2

[![dependency status](https://deps.rs/crate/cursive/0.9.2/status.svg)](https://deps.rs/crate/cursive/0.9.2)

This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate cursive

Dependencies

(19 total, 13 outdated, 3 insecure)

CrateRequiredLatestStatus
 bear-lib-terminal^1.32.0.0out of date
 crossbeam-channel^0.20.5.15out of date
 enum-map^0.42.7.3out of date
 enumset^0.31.1.10out of date
 libc^0.20.2.177up to date
 log^0.40.4.28up to date
 maplit^1.01.0.2up to date
 ncurses ⚠️^5.916.0.1insecure
 num^0.20.4.3out of date
 owning_ref ⚠️^0.40.4.1insecure
 pancurses ⚠️^0.160.17.0insecure
 pulldown-cmark^0.10.13.0out of date
 signal-hook^0.10.3.18out of date
 term_size^0.30.3.2up to date
 termion^1.54.0.5out of date
 toml^0.40.9.8out of date
 unicode-segmentation^1.01.12.0up to date
 unicode-width^0.10.2.2out of date
 xi-unicode^0.10.3.0out of date

Dev dependencies

(2 total, 1 outdated)

CrateRequiredLatestStatus
 pretty-bytes^0.20.2.2up to date
 rand^0.50.9.2out of date

Security Vulnerabilities

pancurses: Format string vulnerabilities in `pancurses`

RUSTSEC-2019-0005

pancurses::mvprintw and pancurses::printw passes a pointer from a rust &str to C, allowing hostile input to execute a format string attack, which trivially allows writing arbitrary data to stack memory.

ncurses: Buffer overflow and format vulnerabilities in functions exposed without unsafe

RUSTSEC-2019-0006

ncurses exposes functions from the ncurses library which:

  • Pass buffers without length to C functions that may write an arbitrary amount of data, leading to a buffer overflow. (instr, mvwinstr, etc)
  • Passes rust &str to strings expecting C format arguments, allowing hostile input to execute a format string attack, which trivially allows writing arbitrary data to stack memory (functions in the printw family).

owning_ref: Multiple soundness issues in `owning_ref`

RUSTSEC-2022-0040

  • OwningRef::map_with_owner is unsound and may result in a use-after-free.
  • OwningRef::map is unsound and may result in a use-after-free.
  • OwningRefMut::as_owner and OwningRefMut::as_owner_mut are unsound and may result in a use-after-free.
  • The crate violates Rust's aliasing rules, which may cause miscompilations on recent compilers that emit the LLVM noalias attribute.

safer_owning_ref is a replacement crate which fixes these issues. No patched versions of the original crate are available, and the maintainer is unresponsive.