This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate webrtc-srtp

Dependencies

(16 total, 4 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 aead^0.50.5.2up to date
 aes^0.80.8.4up to date
 aes-gcm^0.100.10.3up to date
 byteorder^11.5.0up to date
 bytes^11.8.0up to date
 ctr^0.90.9.2up to date
 hmac^0.120.12.1up to date
 log^0.40.4.22up to date
 openssl ⚠️^0.10.570.10.68maybe insecure
 rtcp^0.100.11.0out of date
 rtp^0.90.11.0out of date
 sha1^0.100.10.6up to date
 subtle^22.6.1up to date
 thiserror^12.0.3out of date
 tokio^1.32.01.41.1up to date
 webrtc-util^0.80.9.0out of date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 criterion^0.50.5.1up to date
 lazy_static^11.5.0up to date
 tokio-test^0.40.4.4up to date

Security Vulnerabilities

openssl: `MemBio::get_buf` has undefined behavior with empty buffers

RUSTSEC-2024-0357

Previously, MemBio::get_buf called slice::from_raw_parts with a null-pointer, which violates the functions invariants, leading to undefined behavior. In debug builds this would produce an assertion failure. This is now fixed.