This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate dqcsim


(28 total, 15 outdated, 2 possibly insecure)

 ansi_term: up to date
 backtrace: up to date
 clap ^2.33 4.5.4: out of date
 crossbeam-channel: out of date
 failure: up to date
 float-cmp: out of date
 git-testament: out of date
 humantime: up to date
 integer-sqrt: up to date
 ipc-channel: out of date
 is_executable: out of date
 lazy_static: up to date
 libc: up to date
 num-complex: out of date
 pathdiff: up to date
 rand: out of date
 rand_chacha: out of date
 ref_thread_local: out of date
 serde: up to date
 serde-transcode: up to date
 serde_cbor: up to date
 serde_json: up to date
 serde_yaml ⚠️: out of date
 structopt: up to date
 strum: out of date
 strum_macros: out of date
 term: out of date
 whoami ⚠️: out of date

Security Vulnerabilities

serde_yaml: Uncontrolled recursion leads to abort in deserialization


Affected versions of this crate did not properly check for recursion while deserializing aliases.

This allows an attacker to craft a YAML file containing an alias that refers to itself, which causes an abort during deserialization.

The flaw was corrected by checking the recursion depth.

whoami: Stack buffer overflow with whoami on several Unix platforms


With versions of the whoami crate >= 0.5.3 and < 1.5.0, calling any of these functions leads to an immediate stack buffer overflow on illumos and Solaris:

  • whoami::username
  • whoami::realname
  • whoami::username_os
  • whoami::realname_os

With versions of the whoami crate >= 0.5.3 and < 1.0.1, calling any of the above functions also leads to a stack buffer overflow on these platforms:

  • Bitrig
  • DragonFlyBSD
  • FreeBSD
  • NetBSD
  • OpenBSD

This occurs because of an incorrect definition of the passwd struct on those platforms.

As a result of this issue, denial of service and data corruption have both been observed in the wild. The issue is possibly exploitable as well.

This vulnerability also affects other Unix platforms that aren't Linux or macOS.

This issue has been addressed in whoami 1.5.0.

For more information, see this GitHub issue.