Deps.rs

openssl-sys 0.9.108

[![dependency status](https://deps.rs/crate/openssl-sys/0.9.108/status.svg)](https://deps.rs/crate/openssl-sys/0.9.108)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate openssl-sys

Dependencies

(3 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 aws-lc-sys ⚠️^0.270.39.1out of date
 bssl-sys^0.1.00.1.0up to date
 libc^0.20.2.184up to date

Security Vulnerabilities

aws-lc-sys: Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

RUSTSEC-2026-0045

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis.

The impacted implementations are through the EVP CIPHER API: EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm.

Customers of AWS services do not need to take action. aws-lc-sys contains code from AWS-LC. Applications using aws-lc-sys should upgrade to the most recent release of aws-lc-sys.

Workarounds

In the special cases of using AES-CCM with (M=4, L=2), (M=8, L=2), or (M=16, L=2), applications can workaround this issue by using AES-CCM through the EVP AEAD API using implementations EVP_aead_aes_128_ccm_bluetooth, EVP_aead_aes_128_ccm_bluetooth_8, and EVP_aead_aes_128_ccm_matter respectively.

Otherwise, there is no workaround and applications using aws-lc-sys should upgrade to the most recent release.

aws-lc-sys: PKCS7_verify Certificate Chain Validation Bypass in AWS-LC

RUSTSEC-2026-0046

Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer.

Customers of AWS services do not need to take action. aws-lc-sys contains code from AWS-LC. Applications using aws-lc-sys should upgrade to the most recent release of aws-lc-sys.

There is no workaround; applications using aws-lc-sys should upgrade to the most recent release of aws-lc-sys.

aws-lc-sys: PKCS7_verify Signature Validation Bypass in AWS-LC

RUSTSEC-2026-0047

Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes.

Customers of AWS services do not need to take action. aws-lc-sys contains code from AWS-LC. Applications using aws-lc-sys should upgrade to the most recent release of aws-lc-sys.

There is no workaround; applications using aws-lc-sys should upgrade to the most recent release of aws-lc-sys.

aws-lc-sys: CRL Distribution Point Scope Check Logic Error in AWS-LC

RUSTSEC-2026-0048

A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs with Issuing Distribution Point (IDP) extensions.

Customers of AWS services do not need to take action. aws-lc-sys contains code from AWS-LC. Applications using aws-lc-sys should upgrade to the most recent release of aws-lc-sys.

Workarounds

Applications can workaround this issue if they do not enable CRL checking (X509_V_FLAG_CRL_CHECK). Applications using complete (non-partitioned) CRLs without IDP extensions are also not affected.

Otherwise, there is no workaround and applications using aws-lc-sys should upgrade to the most recent releases of aws-lc-sys.