Deps.rs

malachite-nz 0.4.22

[![dependency status](https://deps.rs/crate/malachite-nz/0.4.22/status.svg)](https://deps.rs/crate/malachite-nz/0.4.22)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate malachite-nz

Dependencies

(10 total, 3 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 embed-doc-image^0.1.40.1.4up to date
 indoc^2.0.42.0.6up to date
 itertools^0.11.00.14.0out of date
 libm^0.2.80.2.15up to date
 malachite-base^0.4.220.6.0out of date
 num^0.4.30.4.3up to date
 pyo3 ⚠️^0.21.20.24.2out of date
 rug^1.24.11.27.0up to date
 serde^1.0.1881.0.219up to date
 serde_json^1.0.1051.0.140up to date

Security Vulnerabilities

pyo3: Risk of buffer overflow in `PyString::from_object`

RUSTSEC-2025-0020

PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow).

In PyO3 0.24.1 this function will now allocate a CString to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes &CStr arguments.