tikv / rust-rocksdb

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `rocksdb`

Dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
libc	`^0.2.11`	`0.2.171`	up to date

Dev dependencies

(4 total, 2 outdated)

Crate	Required	Latest	Status
crc	`^1.8`	`3.2.1`	out of date
lazy_static	`^1.4.0`	`1.5.0`	up to date
rand	`^0.7`	`0.9.0`	out of date
tempfile	`^3.1`	`3.19.1`	up to date

Crate `librocksdb_sys`

Dependencies

(7 total, 1 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
bzip2-sys	`^0.1.11`	`0.1.13+1.0.8`	up to date
libc	`^0.2.11`	`0.2.171`	up to date
libz-sys	`^1.1`	`1.1.22`	up to date
openssl-sys	`^0.9.54`	`0.9.106`	up to date
zstd-sys	`^2.0.1`	`2.0.15+zstd.1.5.7`	up to date
lz4-sys ⚠️	`^1.9`	`1.11.1+lz4-1.10.0`	maybe insecure
tikv-jemalloc-sys	`^0.5.0`	`0.6.0+5.3.0-1-ge13ca993e8ccb9ba9847cc330696e02839f328f7`	out of date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
tempfile	`^3.1`	`3.19.1`	up to date

Build dependencies

(3 total, 1 outdated)

Crate	Required	Latest	Status
cc	`^1.0.3`	`1.2.17`	up to date
cmake	`^0.1`	`0.1.54`	up to date
bindgen	`^0.65`	`0.71.1`	out of date

Crate `libtitan_sys`

Dependencies

(5 total, 1 possibly insecure)

Crate	Required	Latest	Status
bzip2-sys	`^0.1.8`	`0.1.13+1.0.8`	up to date
libc	`^0.2.11`	`0.2.171`	up to date
libz-sys	`^1.1`	`1.1.22`	up to date
zstd-sys	`^2.0.1`	`2.0.15+zstd.1.5.7`	up to date
lz4-sys ⚠️	`^1.9`	`1.11.1+lz4-1.10.0`	maybe insecure

Build dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
cc	`^1.0.3`	`1.2.17`	up to date
cmake	`^0.1`	`0.1.54`	up to date

Security Vulnerabilities

`lz4-sys`: Memory corruption in liblz4

RUSTSEC-2022-0051

lz4-sys up to v1.9.3 bundles a version of liblz4 that is vulnerable to CVE-2021-3520.

Attackers could craft a payload that triggers an integer overflow upon decompression, causing an out-of-bounds write.

The flaw has been corrected in version v1.9.4 of liblz4, which is included in lz4-sys 1.9.4.

tikv / rust-rocksdb

Crate rocksdb

Dependencies

Dev dependencies

Crate librocksdb_sys

Dependencies

Dev dependencies

Build dependencies

Crate libtitan_sys

Dependencies

Build dependencies

Security Vulnerabilities

lz4-sys: Memory corruption in liblz4

Crate `rocksdb`

Crate `librocksdb_sys`

Crate `libtitan_sys`

`lz4-sys`: Memory corruption in liblz4