Deps.rs

integrated-reasoning / mps

[![dependency status](https://deps.rs/repo/github/integrated-reasoning/mps/status.svg)](https://deps.rs/repo/github/integrated-reasoning/mps)

This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate mps

Dependencies

(9 total, 3 outdated, 1 insecure)

CrateRequiredLatestStatus
 cfg-if^1.0.01.0.0up to date
 clap^4.4.114.5.32up to date
 color-eyre^0.6.20.6.3up to date
 fast-float ⚠️^0.2.00.2.0insecure
 hashbrown^0.14.30.15.2out of date
 nom^7.1.38.0.0out of date
 nom-tracable^0.9.00.9.1up to date
 nom_locate^4.2.05.0.0out of date
 serde^1.0.1951.0.219up to date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 criterion^0.5.10.5.1up to date
 insta^1.34.01.42.2up to date
 proptest^1.4.01.6.0up to date

Security Vulnerabilities

fast-float: Segmentation fault due to lack of bound check

RUSTSEC-2025-0003

In this case, the "fast_float::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses invalid memory address when it takes an empty string as its input. This approach violates Rust’s memory safety guarantees, as it can lead to invalid memory access if empty buffer is provided.

No patched version for fast-float crate has been released, but a patch is available in the fast-float2 fork.