This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
lz4(2 total, 1 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| libc | ^0.2 | 0.2.153 | up to date |
| lz4-sys ⚠️ | ^1.9.3 | 1.9.4 | maybe insecure |
(2 total, all up-to-date)
| Crate | Required | Latest | Status |
|---|---|---|---|
| docmatic | ^0.1 | 0.1.2 | up to date |
| rand | >=0.7, <=0.8 | 0.8.5 | up to date |
lz4-sys: Memory corruption in liblz4lz4-sys up to v1.9.3 bundles a version of liblz4 that is vulnerable to CVE-2021-3520.
Attackers could craft a payload that triggers an integer overflow upon decompression, causing an out-of-bounds write.
The flaw has been corrected in version v1.9.4 of liblz4, which is included in lz4-sys 1.9.4.