This project contains known security vulnerabilities . Find detailed information at the bottom .
Crate exonum-cli Dependencies (9 total, all up-to-date)
Dev dependencies (5 total, 2 outdated)
Crate exonum Dependencies (13 total, 1 outdated)
Dev dependencies (7 total, all up-to-date)
Crate exonum-node Dependencies (19 total, 5 outdated)
Dev dependencies (6 total, all up-to-date)
Crate exonum-cryptocurrency Dependencies (5 total, all up-to-date)
Dev dependencies (4 total, 1 outdated)
Crate exonum-cryptocurrency-advanced Dependencies (5 total, 1 outdated)
Dev dependencies (6 total, all up-to-date)
Crate exonum-sample-runtime Dependencies (2 total, 1 outdated)
Crate Required Latest Status futures ^0.3.40.3.14up to date tokio ^0.2.221.5.0out of date
Crate exonum-timestamping Dependencies (8 total, 1 outdated)
Dev dependencies (1 total, all up-to-date)
Crate exonum-explorer-service Dependencies (11 total, 1 outdated)
Dev dependencies (4 total, 2 outdated)
Crate exonum-middleware-service Dependencies (5 total, 1 outdated)
Dev dependencies (1 total, all up-to-date)
Crate Required Latest Status serde_json ^1.01.0.64up to date
Crate exonum-time Dependencies (7 total, all up-to-date)
Dev dependencies (3 total, 1 outdated)
Crate exonum-supervisor Dependencies (10 total, all up-to-date)
Dev dependencies (2 total, 1 outdated)
Crate Required Latest Status bincode ^1.31.3.3up to date tokio ^0.2.221.5.0out of date
Crate exonum-testkit Dependencies (13 total, 4 outdated)
Dev dependencies (6 total, all up-to-date)
Crate exonum-testkit-server Dependencies (1 total, 1 outdated)
Crate Required Latest Status tokio ^0.2.131.5.0out of date
Crate exonum-rust-runtime-proto-tests Dependencies (7 total, all up-to-date)
Dev dependencies (2 total, 2 outdated)
Crate Required Latest Status reqwest ^0.10.40.11.3out of date tokio ^0.2.131.5.0out of date
Crate exonum-soak-tests Dependencies (9 total, 2 outdated)
Crate exonum-rust-runtime Dependencies (7 total, 1 outdated)
Dev dependencies (8 total, all up-to-date)
Crate exonum-api Dependencies (11 total, 2 outdated)
Dev dependencies (2 total, all up-to-date)
Crate exonum-build Dependencies (5 total, all up-to-date)
Crate exonum-crypto Dependencies (6 total, all up-to-date)
Dev dependencies (2 total, all up-to-date)
Crate exonum-derive Dependencies (5 total, 1 outdated)
Crate Required Latest Status darling ^0.12.00.12.4up to date proc-macro2 ^1.01.0.26up to date quote ^1.01.0.9up to date syn ^1.01.0.72up to date semver ^0.100.11.0out of date
Crate exonum-explorer Dependencies (4 total, all up-to-date)
Crate Required Latest Status chrono ^0.4.60.4.19up to date hex ^0.4.20.4.3up to date serde ^1.01.0.125up to date serde_derive ^1.01.0.125up to date
Dev dependencies (2 total, all up-to-date)
Crate exonum-keys Dependencies (8 total, all up-to-date)
Dev dependencies (3 total, all up-to-date)
Crate Required Latest Status hex ^0.4.20.4.3up to date serde_json ^1.01.0.64up to date tempfile ^3.23.2.0up to date
Crate exonum-merkledb Dependencies (16 total, 1 outdated, 1 insecure)
Dev dependencies (11 total, all up-to-date)
Crate exonum-proto Dependencies (9 total, all up-to-date)
Dev dependencies (2 total, all up-to-date)
Crate Required Latest Status rand ^0.80.8.3up to date serde_json ^1.01.0.64up to date
Crate exonum-system-api Dependencies (5 total, 1 outdated)
Dev dependencies (3 total, 1 outdated)
Security Vulnerabilities smallvec: Buffer overflow in SmallVec::insert_manyRUSTSEC-2021-0003
A bug in the SmallVec::insert_many method caused it to allocate a buffer that was smaller than needed. It then wrote past the end of the buffer, causing a buffer overflow and memory corruption on the heap.
This bug was only triggered if the iterator passed to insert_many yielded more items than the lower bound returned from its size_hint method.
The flaw was corrected in smallvec 0.6.14 and 1.6.1, by ensuring that additional space is always reserved for each item inserted. The fix also simplified the implementation of insert_many to use less unsafe code, so it is easier to verify its correctness.
Thank you to Yechan Bae (@Qwaz) and the Rust group at Georgia Tech’s SSLab for finding and reporting this bug.
Patched
>=0.6.14, <1.0.0
>=1.6.1
