Affected versions of the OpenSSL crate used structures after they'd been freed.
This project contains known security vulnerabilities. Find detailed information at the bottom.
async-tungstenite
(15 total, 8 outdated, 2 insecure)
Crate | Required | Latest | Status |
---|---|---|---|
async-std | ^1.0 | 1.9.0 | up to date |
futures-io | ^0.3 | 0.3.13 | up to date |
futures-util | ^0.3 | 0.3.13 | insecure |
gio | ^0.8 | 0.9.1 | out of date |
glib | ^0.9 | 0.10.3 | out of date |
log | ^0.4 | 0.4.14 | up to date |
openssl | ^0.10 | 0.10.32 | insecure |
pin-project | ^0.4 | 1.0.5 | out of date |
async-native-tls | ^0.3.0 | 0.3.3 | up to date |
async-tls | ^0.7 | 0.11.0 | out of date |
native-tls | ^0.2 | 0.2.7 | up to date |
tokio-native-tls | ^0.1 | 0.3.0 | out of date |
tokio-openssl | ^0.4 | 0.6.1 | out of date |
tokio | ^0.2 | 1.2.0 | out of date |
tungstenite | ^0.11.0 | 0.13.0 | out of date |
(4 total, 1 outdated)
Crate | Required | Latest | Status |
---|---|---|---|
async-std | ^1.0 | 1.9.0 | up to date |
env_logger | ^0.7 | 0.8.3 | out of date |
futures | ^0.3 | 0.3.13 | up to date |
url | ^2.0.0 | 2.2.1 | up to date |
openssl
: Use after free in CMS SigningAffected versions of the OpenSSL crate used structures after they'd been freed.
futures-util
: MutexGuard::map can cause a data race in safe codeAffected versions of the crate had a Send/Sync implementation for MappedMutexGuard that only considered variance on T, while MappedMutexGuard dereferenced to U.
This could of led to data races in safe Rust code when a closure used in MutexGuard::map() returns U that is unrelated to T.
The issue was fixed by fixing Send
and Sync
implementations, and by adding a PhantomData<&'a mut U>
marker to the MappedMutexGuard
type to tell the compiler that the guard is over
U too.