This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate openssl-async

Dependencies

(4 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-stdio^0.3.0-alpha.40.0.0up to date
 futures-preview^0.3.0-alpha.190.2.2up to date
 openssl ⚠️^0.10.250.10.73maybe insecure
 tokio-io^0.2.0-alpha.60.1.13up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 runtime^0.3.0-alpha.70.0.0up to date

Security Vulnerabilities

openssl: Use-After-Free in `Md::fetch` and `Cipher::fetch`

RUSTSEC-2025-0022

When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.

In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).

The maintainers thank quitbug for reporting this vulnerability to us.