This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate rustis

Dependencies

(22 total, 2 outdated, 1 insecure)

Crate              Required   Latest    Status
async-native-tls   ^0.5       0.5.0     up to date
async-std          ^1.12      1.13.1    up to date
atoi               ^2.0       2.0.0     up to date
bb8                ^0.8       0.9.0     out of date
bytes              ^1.6       1.10.1    up to date
crc16              ^0.4       0.4.0     up to date
dtoa               ^1.0       1.0.10    up to date
fast-float ⚠️      ^0.2       0.2.0     insecure
futures-channel    ^0.3       0.3.31    up to date
futures-util       ^0.3       0.3.31    up to date
itoa               ^1.0       1.0.15    up to date
log                ^0.4       0.4.27    up to date
memchr             ^2.7       2.7.4     up to date
native-tls         ^0.2       0.2.14    up to date
rand               ^0.8       0.9.0     out of date
serde              ^1.0       1.0.219   up to date
smallvec           ^1.13      1.14.0    up to date
socket2            ^0.5       0.5.9     up to date
tokio              ^1.37      1.44.1    up to date
tokio-native-tls   ^0.3       0.3.1     up to date
tokio-util         ^0.7       0.7.14    up to date
url                ^2.5       2.5.4     up to date

Dev dependencies

(10 total, 4 outdated)

Crate         Required   Latest    Status
actix-web     ^4.3       4.10.2    up to date
axum          ^0.7       0.8.3     out of date
criterion     ^0.5       0.5.1     up to date
env_logger    ^0.11      0.11.7    up to date
fred          ^9.0       10.1.0    out of date
rand          ^0.8       0.9.0     out of date
redis         ^0.25      0.29.2    out of date
serial_test   ^3.0       3.2.0     up to date
smallvec      ^1.13      1.14.0    up to date
tokio         ^1.37      1.44.1    up to date

Security Vulnerabilities

fast-float: Segmentation fault due to lack of bound check

RUSTSEC-2025-0003

The "fast_float::common::AsciiStr::first" method of the "AsciiStr" struct uses the unsafe keyword to read from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". As a result, the method accesses an invalid memory address when it takes an empty string as its input. This violates Rust's memory safety guarantees, as it can lead to invalid memory access if an empty buffer is provided.

No patched version of the fast-float crate has been released, but a patch is available in the fast-float2 fork.