This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate solana-sdk

Dependencies

(21 total, 10 outdated, 2 possibly insecure)

CrateRequiredLatestStatus
 assert_matches^1.3.01.5.0up to date
 bincode^1.1.41.3.3up to date
 bs58^0.2.00.5.1out of date
 byteorder^1.3.21.5.0up to date
 chrono ⚠️^0.4.70.4.37maybe insecure
 generic-array ⚠️^0.13.21.0.0out of date
 hex^0.3.20.4.3out of date
 itertools^0.8.00.12.1out of date
 log^0.4.80.4.21up to date
 memmap^0.6.20.7.0out of date
 num-derive^0.20.4.2out of date
 num-traits^0.20.2.18up to date
 rand^0.6.50.8.5out of date
 rayon^1.1.01.10.0up to date
 serde^1.0.981.0.197up to date
 serde_derive^1.0.981.0.197up to date
 serde_json^1.0.401.0.115up to date
 sha2^0.8.00.10.8out of date
 solana-ed25519-dalek^0.2.0N/Aup to date
 solana-logger^0.18.0-pre11.18.8out of date
 untrusted^0.7.00.9.0out of date

Security Vulnerabilities

generic-array: arr! macro erases lifetimes

RUSTSEC-2020-0146

Affected versions of this crate allowed unsoundly extending lifetimes using arr! macro. This may result in a variety of memory corruption scenarios, most likely use-after-free.

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References