This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
rdkafka-sys(5 total, 1 outdated, 1 possibly insecure)
| Crate | Required | Latest | Status |
|---|---|---|---|
| libc | ^0.2.65 | 0.2.153 | up to date |
| libz-sys | ^1.0 | 1.1.16 | up to date |
| lz4-sys ⚠️ | ^1.8.3 | 1.9.4 | maybe insecure |
| openssl-sys | ^0.9.48 | 0.9.102 | up to date |
| zstd-sys | ^1.4.15 | 2.0.10+zstd.1.5.6 | out of date |
lz4-sys: Memory corruption in liblz4lz4-sys up to v1.9.3 bundles a version of liblz4 that is vulnerable to CVE-2021-3520.
Attackers could craft a payload that triggers an integer overflow upon decompression, causing an out-of-bounds write.
The flaw has been corrected in version v1.9.4 of liblz4, which is included in lz4-sys 1.9.4.