This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate native-tls

Dependencies

(9 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 libc^0.20.2.159up to date
 log^0.4.50.4.22up to date
 openssl ⚠️^0.10.290.10.66maybe insecure
 openssl-probe^0.10.1.5up to date
 openssl-sys^0.9.550.9.103up to date
 schannel^0.1.170.1.26up to date
 security-framework^2.0.03.0.0out of date
 security-framework-sys^2.0.02.12.0up to date
 tempfile^3.1.03.13.0up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 tempfile^3.03.13.0up to date
 test-cert-gen^0.90.9.0up to date

Security Vulnerabilities

openssl: `MemBio::get_buf` has undefined behavior with empty buffers

RUSTSEC-2024-0357

Previously, MemBio::get_buf called slice::from_raw_parts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.