This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate crypto-primes

Dependencies

(6 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 crypto-bigint^0.6.10.6.1up to date
 glass_pumpkin^11.7.0up to date
 openssl ⚠️^0.10.390.10.72maybe insecure
 rand_core^0.6.40.9.3out of date
 rayon^11.10.0up to date
 rug^1.261.27.0up to date

Dev dependencies

(9 total, 2 outdated)

CrateRequiredLatestStatus
 criterion^0.50.5.1up to date
 crypto-bigint^0.6.10.6.1up to date
 num-bigint^0.40.4.6up to date
 num-integer^0.10.1.46up to date
 num-modular^0.50.6.1out of date
 num-prime^0.4.30.4.4up to date
 num_cpus^1.161.16.0up to date
 proptest^11.6.0up to date
 rand_chacha^0.30.9.0out of date

Security Vulnerabilities

openssl: Use-After-Free in `Md::fetch` and `Cipher::fetch`

RUSTSEC-2025-0022

When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.

In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).

The maintainers thank quitbug for reporting this vulnerability to us.