This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate nperf-core

Dependencies

(14 total, 3 outdated, 1 insecure)

CrateRequiredLatestStatus
 libc^0.20.2.114up to date
 regex^11.5.4up to date
 lazy_static^11.4.0up to date
 log^0.40.4.14up to date
 parking_lot^0.110.11.2up to date
 num_cpus^11.13.1up to date
 chrono ⚠️^0.40.4.19insecure
 speedy^0.80.8.1up to date
 string-interner^0.70.14.0out of date
 serde^11.0.135up to date
 serde_json^11.0.78up to date
 serde_derive^11.0.135up to date
 structopt^0.20.3.26out of date
 inferno^0.90.10.10out of date

Dev dependencies

(3 total, 2 outdated)

CrateRequiredLatestStatus
 quickcheck^0.91.0.3out of date
 criterion^0.30.3.5up to date
 env_logger^0.80.9.0out of date

Crate proc-maps

No external dependencies! 🙌

Crate perf_event_open

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 libc^0.20.2.114up to date
 byteorder^11.4.3up to date
 parking_lot^0.110.11.2up to date
 log^0.40.4.14up to date

Crate nwind

Dependencies

(12 total, 5 outdated, 1 insecure, 1 possibly insecure)

CrateRequiredLatestStatus
 byteorder^11.4.3up to date
 gimli^0.250.26.1out of date
 goblin^0.0.240.4.3out of date
 scroll^0.90.11.0out of date
 memmap ⚠️^0.70.7.0insecure
 log^0.40.4.14up to date
 speedy^0.80.8.1up to date
 lru ⚠️^0.60.7.2out of date
 cpp_demangle^0.30.3.5up to date
 rustc-demangle^0.10.1.21up to date
 addr2line^0.160.17.0out of date
 libc^0.20.2.114up to date

Dev dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 env_logger^0.80.9.0out of date

Build dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 cc^11.0.72up to date

Crate nperf

Dependencies

(3 total, 2 outdated)

CrateRequiredLatestStatus
 structopt^0.20.3.26out of date
 log^0.40.4.14up to date
 env_logger^0.70.9.0out of date

Security Vulnerabilities

memmap: memmap is unmaintained

RUSTSEC-2020-0077

The author of the memmap crate is unresponsive.

Maintained alternatives:

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References

lru: Use after free in lru crate

RUSTSEC-2021-0130

Lru crate has use after free vulnerability.

Lru crate has two functions for getting an iterator. Both iterators give references to key and value. Calling specific functions, like pop(), will remove and free the value, and but it's still possible to access the reference of value which is already dropped causing use after free.