This project might be open to known security vulnerabilities. They can be avoided by constraining the version range of each affected dependency to patched releases, or, where the fix lies outside the current range (as with a 0.x requirement that cannot resolve to the patched minor), by raising the requirement. Detailed information is at the bottom of the page.

Crate rustls

Dependencies

(12 total, 4 outdated, 2 possibly insecure)

Crate                  Required    Latest     Status
aws-lc-rs              ^1.6        1.12.6     up to date
brotli                 ^6          7.0.0      out of date
brotli-decompressor    ^4.0.1      4.0.2      up to date
hashbrown              ^0.14       0.15.2     out of date
log                    ^0.4.4      0.4.26     up to date
once_cell              ^1.16       1.21.1     up to date
rustls-pki-types       ^1.7        1.11.0     up to date
ring ⚠️                ^0.17       0.17.14    maybe insecure
subtle                 ^2.5.0      2.6.1      up to date
rustls-webpki          ^0.102.4    0.103.0    out of date
zeroize                ^1.7        1.8.1      up to date
zlib-rs ⚠️             ^0.1        0.4.2      out of date

Dev dependencies

(13 total, 2 outdated)

Crate                  Required    Latest     Status
base64                 ^0.22       0.22.1     up to date
bencher                ^0.1.5      0.1.5      up to date
env_logger             ^0.10       0.11.7     out of date
hex                    ^0.4        0.4.3      up to date
log                    ^0.4.4      0.4.26     up to date
num-bigint             ^0.4.4      0.4.6      up to date
rcgen                  ^0.13       0.13.2     up to date
rustls-pemfile         ^2          2.2.0      up to date
serde                  ^1          1.0.219    up to date
serde_json             ^1          1.0.140    up to date
tikv-jemallocator      ^0.5        0.6.0      out of date
time                   ^0.3.6      0.3.40     up to date
webpki-roots           ^0.26       0.26.8     up to date

Security Vulnerabilities

zlib-rs: Denial of service because of stack overflow with malicious decompression input

RUSTSEC-2024-0401

A denial of service vulnerability was found in zlib-rs, triggered by specially constructed input. This input causes a stack overflow, resulting in the process using zlib-rs to crash.

Impact

Because LLVM does not guarantee tail calls for the zlib-rs code, certain input patterns required a large number of stack frames, quickly leading to a stack overflow. Such inputs are unlikely to occur by accident, but a dedicated attacker can construct malicious input files that trigger them.

After stack overflows were found by @inahga with a fuzzer, we dove into the assembly and found cases where the stack grew on every state transition:

.LBB109_326:
    mov rdi, rbx
    call zlib_rs::inflate::State::type_do   # a call, not a jmp: this frame stays live
    jmp .LBB109_311                          # then jump to the shared epilogue

.LBB109_311:
    lea rsp, [rbp - 40]                      # shared cleanup, reached from many blocks
    pop rbx
    pop r12
    pop r13
    pop r14
    pop r15
    pop rbp
    .cfi_def_cfa rsp, 8
    ret

LLVM wants to centralize the cleanup before the return (many other blocks jump to .LBB109_311), which rules out a tail call to type_do: the call must return to this frame so that the shared epilogue can run. We were not able to get rid of this call without introducing one elsewhere; we currently have no way to tell LLVM what we want it to do.

So we switched back to a loop + match state machine, pending changes to Rust that would make a guaranteed-tail-call implementation possible. Performance-wise the damage is minimal: we are only slower in cases where we were already slower than C. We remain faster in cases where the relevant code is barely touched (in those cases the logic quickly moves into a hot inner loop and spends most of its time there).
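To make the mechanism concrete, here is an added example (not zlib-rs code) of a toy inflate-style state machine written both ways. The constructed format is deliberately simple: blocks of a one-byte length followed by that many payload bytes, terminated by a zero length. The state names, `Inflater`, `hostile_input` and the driver functions are all hypothetical names for this illustration; what they show is why "tail calls are not guaranteed" lets a crafted input grow the stack in proportion to its size, and why loop + match is immune.

```rust
// Added example (not zlib-rs code): a toy inflate-style state machine in two
// shapes, showing why the call-chained layout's stack depth tracks the input
// while loop + match uses constant stack.
//
// Constructed toy format: a sequence of blocks, each a one-byte length
// followed by that many payload bytes; a length byte of 0 ends the stream.

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
enum State {
    Len,         // expect a length byte
    Data(usize), // copy this many payload bytes
    Done,
}

#[derive(Debug, PartialEq, Eq)]
pub enum Error {
    Truncated,
}

struct Inflater<'a> {
    input: &'a [u8],
    pos: usize,
    out: Vec<u8>,
    state: State,
}

impl<'a> Inflater<'a> {
    fn new(input: &'a [u8]) -> Self {
        Inflater { input, pos: 0, out: Vec::new(), state: State::Len }
    }
}

// ---- Shape 1: one function per state, each handing off by calling the next.
// This mirrors the vulnerable layout. The handoffs are *intended* as tail
// calls, but rustc/LLVM give no guarantee; when the epilogue is shared (as in
// the advisory's disassembly) every block costs a stack frame, so stack depth
// is proportional to the number of blocks in the input.

fn state_len(inf: &mut Inflater<'_>) -> Result<usize, Error> {
    let n = *inf.input.get(inf.pos).ok_or(Error::Truncated)?;
    inf.pos += 1;
    if n == 0 {
        inf.state = State::Done;
        return Ok(inf.out.len());
    }
    inf.state = State::Data(n as usize);
    state_data(inf) // intended tail call
}

fn state_data(inf: &mut Inflater<'_>) -> Result<usize, Error> {
    let n = match inf.state {
        State::Data(n) => n,
        _ => unreachable!("state_data entered from a non-Data state"),
    };
    let input = inf.input;
    let end = inf.pos + n;
    let chunk = input.get(inf.pos..end).ok_or(Error::Truncated)?;
    inf.out.extend_from_slice(chunk);
    inf.pos = end;
    inf.state = State::Len;
    state_len(inf) // intended tail call
}

/// Drives the call-chained machine. Safe only for inputs with few blocks: a
/// long input overflows the stack in an unoptimized build.
pub fn inflate_tail_calls(input: &[u8]) -> Result<Vec<u8>, Error> {
    let mut inf = Inflater::new(input);
    state_len(&mut inf)?;
    Ok(inf.out)
}

// ---- Shape 2: loop + match. Same transitions, but control returns to the
// loop head after every state, so stack usage is constant for any input.

pub fn inflate_loop(input: &[u8]) -> Result<Vec<u8>, Error> {
    let mut inf = Inflater::new(input);
    loop {
        match inf.state {
            State::Len => {
                let n = *input.get(inf.pos).ok_or(Error::Truncated)?;
                inf.pos += 1;
                inf.state = if n == 0 { State::Done } else { State::Data(n as usize) };
            }
            State::Data(n) => {
                let end = inf.pos + n;
                let chunk = input.get(inf.pos..end).ok_or(Error::Truncated)?;
                inf.out.extend_from_slice(chunk);
                inf.pos = end;
                inf.state = State::Len;
            }
            State::Done => return Ok(inf.out),
        }
    }
}

/// Constructed attacker input: `blocks` one-byte blocks plus the terminator.
/// Each block forces one Len -> Data -> Len round trip, which is exactly the
/// pattern that makes the call-chained driver's stack depth explode.
pub fn hostile_input(blocks: usize) -> Vec<u8> {
    let mut v = Vec::with_capacity(2 * blocks + 1);
    for _ in 0..blocks {
        v.extend_from_slice(&[1, b'x']);
    }
    v.push(0);
    v
}

fn main() {
    let small = hostile_input(1_000);
    assert_eq!(inflate_tail_calls(&small), inflate_loop(&small));

    // Millions of blocks are fine for the loop driver; do not try this with
    // inflate_tail_calls in a debug build, it overflows the main thread's stack.
    let large = hostile_input(2_000_000);
    let out = inflate_loop(&large).expect("well-formed input");
    println!("loop driver inflated 2000000 blocks into {} bytes", out.len());
}
```

Both drivers produce identical output on small inputs; only the loop driver survives the large one. Note that an optimizing build may happen to turn the handoffs into jumps, which is exactly the point of the advisory: nothing guarantees it, so correctness must not depend on it.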

Patches

Version 0.4.0 patches the problem and is no longer vulnerable.

Workarounds

Users of zlib-rs should upgrade to a patched version. Alternatively, zlib-rs can be run in a separate process so that a stack overflow cannot crash the whole program; a separate thread is not sufficient, because the Rust runtime aborts the entire process when any thread overflows its stack. In some situations a signal handler can be used to catch a stack overflow as it happens.

ring: Some AES functions may panic when overflow checking is enabled.

RUSTSEC-2025-0009

ring::aead::quic::HeaderProtectionKey::new_mask() may panic when overflow checking is enabled. In the QUIC protocol, an attacker can induce this panic by sending a specially crafted packet. Even without an attacker it is likely to occur in about 1 out of every 2**32 packets sent and/or received.

On 64-bit targets operations using ring::aead::{AES_128_GCM, AES_256_GCM} may panic when overflow checking is enabled, when encrypting/decrypting approximately 68,719,476,700 bytes (about 64 gigabytes) of data in a single chunk. Protocols like TLS and SSH are not affected by this because those protocols break large amounts of data into small chunks. Similarly, most applications will not attempt to encrypt/decrypt 64GB of data in one chunk.

Overflow checking is not enabled in release mode by default, but RUSTFLAGS="-C overflow-checks" or overflow-checks = true in the Cargo.toml profile can override this. Overflow checking is enabled by default in debug mode, which includes cargo test and most development builds, so the panic is reachable there even when the release build only wraps.