Previously, MemBio::get_buf
called slice::from_raw_parts
with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.
mikelodder7 / unknown_order
This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.
unknown_order
(18 total, 1 possibly insecure)
Crate | Required | Latest | Status |
---|---|---|---|
crypto-bigint | ^0.5 | 0.5.5 | up to date |
crypto-primes | ^0.5 | 0.5.0 | up to date |
digest | ^0.10 | 0.10.7 | up to date |
getrandom | ^0.2 | 0.2.15 | up to date |
glass_pumpkin | ^1.7 | 1.7.0 | up to date |
hex | ^0.4 | 0.4.3 | up to date |
multibase | ^0.9 | 0.9.1 | up to date |
num-bigint | ^0.4 | 0.4.6 | up to date |
num-integer | ^0.1 | 0.1.46 | up to date |
num-traits | ^0.2 | 0.2.19 | up to date |
openssl ⚠️ | ^0.10.64 | 0.10.68 | maybe insecure |
rand | ^0.8 | 0.8.5 | up to date |
rug | ^1.24 | 1.26.1 | up to date |
serde | ^1.0 | 1.0.215 | up to date |
subtle | ^2.5 | 2.6.1 | up to date |
wasm-bindgen | ^0.2 | 0.2.95 | up to date |
zeroize | ^1 | 1.8.1 | up to date |
serde-wasm-bindgen | ^0.6 | 0.6.5 | up to date |
(4 total, all up-to-date)
Crate | Required | Latest | Status |
---|---|---|---|
blake2 | ^0.10 | 0.10.6 | up to date |
multibase | ^0.9 | 0.9.1 | up to date |
serde_json | ^1.0 | 1.0.133 | up to date |
bincode | ^1.3 | 1.3.3 | up to date |
openssl
: `MemBio::get_buf` has undefined behavior with empty buffersPreviously, MemBio::get_buf
called slice::from_raw_parts
with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.