Deps.rs

lib3h_p2p_protocol 0.0.42

[![dependency status](https://deps.rs/crate/lib3h_p2p_protocol/0.0.42/status.svg)](https://deps.rs/crate/lib3h_p2p_protocol/0.0.42)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate lib3h_p2p_protocol

Dependencies

(4 total, 4 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 capnp ⚠️=0.10.00.19.3out of date
 serde=1.0.1041.0.198out of date
 serde_derive=1.0.1041.0.198out of date
 serde_json=1.0.471.0.116out of date

Security Vulnerabilities

capnp: out-of-bounds read possible when setting list-of-pointers

RUSTSEC-2022-0068

If a message consumer expects data of type "list of pointers", and if the consumer performs certain specific actions on such data, then a message producer can cause the consumer to read out-of-bounds memory. This could trigger a process crash in the consumer, or in some cases could allow exfiltration of private in-memory data.

The C++ Cap'n Proto library is also affected by this bug. See the advisory on the main Cap'n Proto repo for a succinct description of the exact circumstances in which the problem can arise.