Deps.rs

fortanix-sgx-tools 0.3.1

[![dependency status](https://deps.rs/crate/fortanix-sgx-tools/0.3.1/status.svg)](https://deps.rs/crate/fortanix-sgx-tools/0.3.1)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate fortanix-sgx-tools

Dependencies

(13 total, 8 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 aesm-client^0.4.00.6.0out of date
 clap^2.2.54.5.51out of date
 enclave-runner^0.3.00.7.2out of date
 failure^0.1.10.1.8up to date
 failure_derive^0.1.10.1.8up to date
 num_cpus^1.9.01.17.0up to date
 serde^1.0.841.0.228up to date
 serde_derive^1.0.841.0.228up to date
 sgx-isa^0.3.00.4.1out of date
 sgxs^0.7.00.8.0out of date
 sgxs-loaders^0.2.00.5.0out of date
 toml^0.4.100.9.8out of date
 xmas-elf ⚠️^0.6.00.10.0out of date

Security Vulnerabilities

xmas-elf: Potential out-of-bounds read with a malformed ELF file and the HashTable API.

RUSTSEC-2025-0018

Affected versions of this crate only validated the index argument of HashTable::get_bucket and HashTable::get_chain against the input-controlled bucket_count and chain_count fields, but not against the size of the ELF section. As a result, a malformed ELF file could trigger out-of-bounds reads in a consumer of the HashTable API by setting these fields to inappropriately large values that would fall outside the relevant hash table section, and by introducing correspondingly out-of-bounds hash table indexes elsewhere in the ELF file.