This project contains known security vulnerabilities. Find detailed information at the bottom.

Crate qni-connector-ws-rs

Dependencies

(5 total, 3 outdated, 1 insecure, 1 possibly insecure)

CrateRequiredLatestStatus
 log^0.4.60.4.21up to date
 openssl ⚠️^0.100.10.64maybe insecure
 qni-core-rs^0.2.40.3.2out of date
 simple-error^0.1.130.3.0out of date
 ws ⚠️^0.7.90.9.2insecure

Security Vulnerabilities

ws: Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory

RUSTSEC-2020-0043

Affected versions of this crate did not properly check and cap the growth of the outgoing buffer.

This allows a remote attacker to take down the process by growing the buffer of their (single) connection until the process runs out of memory it can allocate and is killed.

The flaw was corrected in the parity-ws fork (>=0.10.0) by disconnecting a client when the buffer runs full.

openssl: `openssl` `X509VerifyParamRef::set_host` buffer over-read

RUSTSEC-2023-0044

When this function was passed an empty string, openssl would attempt to call strlen on it, reading arbitrary memory until it reached a NUL byte.