This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
libspeedb-sys(6 total, 1 outdated, 1 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| bzip2-sys | ^0.1 | 0.1.11+1.0.8 | up to date |
| libc | ^0.2 | 0.2.162 | up to date |
| libz-sys | ^1.1 | 1.1.20 | up to date |
| lz4-sys ⚠️ | ^1.9 | 1.11.1+lz4-1.10.0 | maybe insecure |
| tikv-jemalloc-sys | ^0.5 | 0.6.0+5.3.0-1-ge13ca993e8ccb9ba9847cc330696e02839f328f7 | out of date |
| zstd-sys | ^2.0 | 2.0.13+zstd.1.5.6 | up to date |
(2 total, all up-to-date)
| Crate | Required | Latest | Status |
|---|---|---|---|
| const-cstr | ^0.3 | 0.3.0 | up to date |
| uuid | ^1.0 | 1.11.0 | up to date |
lz4-sys: Memory corruption in liblz4lz4-sys up to v1.9.3 bundles a version of liblz4 that is vulnerable to CVE-2021-3520.
Attackers could craft a payload that triggers an integer overflow upon decompression, causing an out-of-bounds write.
The flaw has been corrected in version v1.9.4 of liblz4, which is included in lz4-sys 1.9.4.