async-tungstenite 0.16.0

Crate async-tungstenite

Dependencies

(18 total, 7 outdated, 2 possibly insecure)

Crate	Required	Latest	Status
async-std	`^1.0`	`1.12.0`	up to date
futures-io	`^0.3`	`0.3.28`	up to date
futures-util	`^0.3`	`0.3.28`	up to date
gio	`^0.14`	`0.18.2`	out of date
glib	`^0.14`	`0.18.2`	out of date
log	`^0.4`	`0.4.20`	up to date
openssl ⚠️	`^0.10`	`0.10.57`	maybe insecure
pin-project-lite	`^0.2`	`0.2.13`	up to date
async-native-tls	`^0.3.0`	`0.5.0`	out of date
async-tls	`^0.11`	`0.12.0`	out of date
native-tls	`^0.2`	`0.2.11`	up to date
tokio-native-tls	`^0.3`	`0.3.1`	up to date
tokio-openssl	`^0.6`	`0.6.3`	up to date
tokio-rustls	`^0.23`	`0.24.1`	out of date
rustls-native-certs	`^0.6`	`0.6.3`	up to date
tokio ⚠️	`^1.0`	`1.32.0`	maybe insecure
tungstenite	`^0.16.0`	`0.20.1`	out of date
webpki-roots	`^0.22`	`0.25.2`	out of date

Crate

Required

Latest

Status

async-std

^1.0

1.12.0

up to date

futures-io

^0.3

0.3.28

up to date

futures-util

^0.3

0.3.28

up to date

gio

^0.14

0.18.2

out of date

glib

^0.14

0.18.2

out of date

log

^0.4

0.4.20

up to date

openssl ⚠️

^0.10

0.10.57

maybe insecure

pin-project-lite

^0.2

0.2.13

up to date

async-native-tls

^0.3.0

0.5.0

out of date

async-tls

^0.11

0.12.0

out of date

native-tls

^0.2

0.2.11

up to date

tokio-native-tls

^0.3

0.3.1

up to date

tokio-openssl

^0.6

0.6.3

up to date

tokio-rustls

^0.23

0.24.1

out of date

rustls-native-certs

^0.6

0.6.3

up to date

tokio ⚠️

^1.0

1.32.0

maybe insecure

tungstenite

^0.16.0

0.20.1

out of date

webpki-roots

^0.22

0.25.2

out of date

Dev dependencies

(5 total, 1 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
async-std	`^1.0`	`1.12.0`	up to date
env_logger	`^0.9`	`0.10.0`	out of date
futures	`^0.3`	`0.3.28`	up to date
tokio ⚠️	`^1.0`	`1.32.0`	maybe insecure
url	`^2.0.0`	`2.4.1`	up to date

Crate

Required

Latest

Status

async-std

^1.0

1.12.0

up to date

env_logger

^0.9

0.10.0

out of date

futures

^0.3

0.3.28

up to date

tokio ⚠️

^1.0

1.32.0

maybe insecure

url

^2.0.0

2.4.1

up to date

Security Vulnerabilities

`tokio`: reject_remote_clients Configuration corruption

RUSTSEC-2023-0001

On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false.

This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.

The default setting of reject_remote_clients is normally true meaning the default is also overridden as false.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);

`openssl`: `openssl` `X509VerifyParamRef::set_host` buffer over-read

RUSTSEC-2023-0044

When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte.

Deps.rs

async-tungstenite 0.16.0

Crate `async-tungstenite`

Dependencies

Dev dependencies

Security Vulnerabilities

`tokio`: reject_remote_clients Configuration corruption

Workarounds

`openssl`: `openssl` `X509VerifyParamRef::set_host` buffer over-read

async-tungstenite 0.16.0

Crate async-tungstenite

Dependencies

Dev dependencies

Security Vulnerabilities

tokio: reject_remote_clients Configuration corruption

Workarounds

openssl: `openssl` `X509VerifyParamRef::set_host` buffer over-read

Crate `async-tungstenite`

`tokio`: reject_remote_clients Configuration corruption

`openssl`: `openssl` `X509VerifyParamRef::set_host` buffer over-read