Closed rodoufu closed 1 year ago
Fixing possible use after free
cargo audit --ignore RUSTSEC-2020-0071 Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 531 security advisories (from /Users/rodolfo-araujo/.cargo/advisory-db) Updating crates.io index Scanning Cargo.lock for vulnerabilities (241 crate dependencies) Crate: atty Version: 0.2.14 Warning: unsound Title: Potential unaligned read Date: 2021-07-04 ID: RUSTSEC-2021-0145 URL: https://rustsec.org/advisories/RUSTSEC-2021-0145 Dependency tree: atty 0.2.14 └── env_logger 0.9.3 └── web3 0.19.0 Crate: secp256k1 Version: 0.21.3 Warning: unsound Title: Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code Date: 2022-11-30 ID: RUSTSEC-2022-0070 URL: https://rustsec.org/advisories/RUSTSEC-2022-0070 Dependency tree: secp256k1 0.21.3 └── web3 0.19.0 warning: 2 allowed warnings found
Maybe you can take a look @tomusdrw Thanks in advance
Thanks!
Fixing possible use after free