This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
librocksdb-sys(6 total, 1 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| bzip2-sys | ^0.1 | 0.1.11+1.0.8 | up to date |
| libc | ^0.2 | 0.2.155 | up to date |
| libz-sys | ^1.1 | 1.1.16 | up to date |
| lz4-sys ⚠️ | ^1.9 | 1.9.4 | maybe insecure |
| tikv-jemalloc-sys | ^0.5 | 0.5.4+5.3.0-patched | up to date |
| zstd-sys | ^2.0 | 2.0.10+zstd.1.5.6 | up to date |
(2 total, all up-to-date)
| Crate | Required | Latest | Status |
|---|---|---|---|
| const-cstr | ^0.3 | 0.3.0 | up to date |
| uuid | ^1.0 | 1.8.0 | up to date |
lz4-sys: Memory corruption in liblz4lz4-sys up to v1.9.3 bundles a version of liblz4 that is vulnerable to CVE-2021-3520.
Attackers could craft a payload that triggers an integer overflow upon decompression, causing an out-of-bounds write.
The flaw has been corrected in version v1.9.4 of liblz4, which is included in lz4-sys 1.9.4.