Affected versions of the OpenSSL crate used structures after they'd been freed.
This project may be exposed to known security vulnerabilities, which can be avoided by tightening the version ranges of the affected dependencies. Detailed information is at the bottom.
tiny_http
(9 total, 1 outdated, 1 possibly insecure)
Crate | Required | Latest | Status |
---|---|---|---|
ascii | ^1.0 | 1.0.0 | up to date |
chunked_transfer | ^1 | 1.4.0 | up to date |
log | ^0.4 | 0.4.17 | up to date |
openssl ⚠️ | ^0.10 | 0.10.40 | maybe insecure |
rustls | ^0.20 | 0.20.4 | up to date |
rustls-pemfile | ^0.2.1 | 1.0.0 | out of date |
time | ^0.3 | 0.3.9 | up to date |
url | ^2 | 2.2.2 | up to date |
zeroize | ^1.5.2 | 1.5.5 | up to date |
(3 total, 2 outdated, 1 insecure)
Crate | Required | Latest | Status |
---|---|---|---|
fdlimit | ^0.1 | 0.2.1 | out of date |
rustc-serialize ⚠️ | ^0.3 | 0.3.24 | insecure |
sha1 | ^0.6.0 | 0.10.1 | out of date |
openssl: Use after free in CMS Signing

Affected versions of the OpenSSL crate used structures after they'd been freed.
rustc-serialize: Stack overflow in rustc_serialize when parsing deeply nested JSON

When parsing JSON using `json::Json::from_str`, there is no limit to the depth of the stack, therefore deeply nested objects can cause a stack overflow, which aborts the process.
Example code that triggers the vulnerability is

```rust
fn main() {
    // 10000 unclosed arrays: the recursive parser has no depth limit,
    // so this input exhausts the stack and aborts the process.
    let _ = rustc_serialize::json::Json::from_str(&"[0,[".repeat(10000));
}
```
serde is recommended as a replacement for rustc_serialize.