This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate native-tls

Dependencies

(10 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 lazy_static^1.4.01.5.0up to date
 libc^0.20.2.168up to date
 log^0.4.50.4.22up to date
 openssl ⚠️^0.10.290.10.68maybe insecure
 openssl-probe^0.10.1.5up to date
 openssl-sys^0.9.550.9.104up to date
 schannel^0.1.170.1.27up to date
 security-framework^2.0.03.0.1out of date
 security-framework-sys^2.0.02.12.1up to date
 tempfile^3.1.03.14.0up to date

Dev dependencies

(2 total, 1 outdated)

CrateRequiredLatestStatus
 tempfile^3.03.14.0up to date
 test-cert-gen^0.70.9.0out of date

Security Vulnerabilities

openssl: `MemBio::get_buf` has undefined behavior with empty buffers

RUSTSEC-2024-0357

Previously, MemBio::get_buf called slice::from_raw_parts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.