This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate quinn

Dependencies

(14 total, 1 possibly insecure)

CrateRequiredLatestStatus
 async-io^22.4.0up to date
 async-std^1.111.13.0up to date
 bytes^11.9.0up to date
 futures-io^0.3.190.3.31up to date
 pin-project-lite^0.20.2.16up to date
 quinn-proto^0.11.70.11.9up to date
 rustc-hash^22.1.0up to date
 rustls ⚠️^0.23.50.23.21maybe insecure
 smol^22.0.2up to date
 socket2^0.50.5.8up to date
 thiserror^2.0.32.0.11up to date
 tokio^1.28.11.43.0up to date
 tracing^0.1.100.1.41up to date
 quinn-udp^0.50.5.9up to date

Dev dependencies

(12 total, all up-to-date)

CrateRequiredLatestStatus
 anyhow^1.0.221.0.95up to date
 bencher^0.1.50.1.5up to date
 clap^44.5.26up to date
 crc^33.2.1up to date
 directories-next^22.0.0up to date
 rand^0.80.8.5up to date
 rcgen^0.130.13.2up to date
 rustls-pemfile^22.2.0up to date
 tokio^1.28.11.43.0up to date
 tracing-futures^0.2.00.2.5up to date
 tracing-subscriber^0.3.00.3.19up to date
 url^22.5.4up to date

Security Vulnerabilities

rustls: rustls network-reachable panic in `Acceptor::accept`

RUSTSEC-2024-0399

A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept() are affected.

Servers that use tokio-rustls's LazyConfigAcceptor API are affected.

Servers that use tokio-rustls's TlsAcceptor API are not affected.

Servers that use rustls-ffi's rustls_acceptor_accept API are affected.