This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate leaf

Dependencies

(64 total, 17 outdated, 7 possibly insecure)

CrateRequiredLatestStatus
 tokio ⚠️^11.44.2maybe insecure
 protobuf ⚠️=3.6.03.7.2out of date
 thiserror^1.02.0.12out of date
 futures^0.30.3.31up to date
 async-trait^0.10.1.88up to date
 bytes^1.61.10.1up to date
 lazy_static^1.41.5.0up to date
 anyhow^1.01.0.98up to date
 rand^0.80.9.1out of date
 socket2^0.50.5.9up to date
 async-recursion^1.11.1.1up to date
 trust-dns-proto^0.230.23.2up to date
 lru^0.120.14.0out of date
 tracing^0.10.1.41up to date
 tracing-appender^0.20.2.3up to date
 tracing-subscriber^0.30.3.19up to date
 chrono ⚠️^0.40.4.41maybe insecure
 colored^2.13.0.0out of date
 maxminddb^0.240.26.0out of date
 memmap2^0.90.9.5up to date
 cidr^0.20.3.1out of date
 directories^4.06.0.0out of date
 async-ffi^0.20.5.0out of date
 libloading^0.70.8.6out of date
 serde_json^1.01.0.140up to date
 serde_derive^1.01.0.219up to date
 serde^1.01.0.219up to date
 regex^1.101.11.1up to date
 openssl ⚠️^0.100.10.72maybe insecure
 ring ⚠️^0.170.17.14maybe insecure
 aws-lc-rs^1.71.13.0up to date
 tokio-rustls^0.260.26.2up to date
 webpki-roots^0.250.26.9out of date
 rustls-pemfile^1.02.2.0out of date
 openssl-probe^0.10.1.6up to date
 tokio-openssl^0.60.6.5up to date
 tungstenite^0.210.26.2out of date
 tokio-tungstenite^0.210.26.2out of date
 url^2.52.5.4up to date
 http^1.11.3.1up to date
 async-socks5^0.60.6.0up to date
 hkdf^0.120.12.4up to date
 md-5^0.100.10.6up to date
 sha-1^0.100.10.1up to date
 percent-encoding^2.32.3.1up to date
 base64^0.220.22.1up to date
 memchr^22.7.4up to date
 sha2^0.100.10.8up to date
 hex^0.40.4.3up to date
 lz_fnv^0.10.1.2up to date
 cfb-mode^0.80.8.2up to date
 hmac^0.120.12.1up to date
 aes^0.80.8.4up to date
 sha3^0.100.10.8up to date
 digest^0.100.10.7up to date
 uuid^11.16.0up to date
 byteorder^11.5.0up to date
 lru_time_cache^0.110.11.11up to date
 tokio-util^0.70.7.15up to date
 quinn^0.100.11.7out of date
 rustls ⚠️^0.210.23.26out of date
 warp ⚠️^0.30.3.7maybe insecure
 notify^68.0.0out of date
 tun^0.70.7.19up to date

Dev dependencies

(3 total, 1 possibly insecure)

CrateRequiredLatestStatus
 rcgen^0.130.13.2up to date
 sha2^0.100.10.8up to date
 tokio ⚠️^11.44.2maybe insecure

Build dependencies

(3 total, 2 outdated)

CrateRequiredLatestStatus
 cc^1.01.2.20up to date
 bindgen^0.690.71.1out of date
 protobuf-codegen=3.6.03.7.2out of date

Crate leaf-cli

Dependencies

(2 total, 1 possibly insecure)

CrateRequiredLatestStatus
 tokio ⚠️^11.44.2maybe insecure
 argh^0.10.1.13up to date

Crate leaf-ffi

No external dependencies! 🙌

Crate shadowsocks

Dependencies

(4 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 async-trait^0.10.1.88up to date
 tokio ⚠️^11.44.2maybe insecure
 async-ffi^0.20.5.0out of date
 bytes^11.10.1up to date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations

RUSTSEC-2020-0159

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

Workarounds

No workarounds are known.

References

warp: Improper validation of Windows paths could lead to directory traversal attack

RUSTSEC-2022-0082

Path resolution in warp::filters::fs::dir didn't correctly validate Windows paths meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially read files anywhere on the filesystem.

This only impacts Windows. Linux and other unix likes are not impacted by this.

tokio: reject_remote_clients Configuration corruption

RUSTSEC-2023-0001

On Windows, configuring a named pipe server with pipe_mode will force ServerOptions::reject_remote_clients as false.

This drops any intended explicit configuration for the reject_remote_clients that may have been set as true previously.

The default setting of reject_remote_clients is normally true meaning the default is also overridden as false.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);

rustls: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

RUSTSEC-2024-0336

If a close_notify alert is received during a handshake, complete_io does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io and are not affected.

rustls::Stream and rustls::StreamOwned types use complete_io and are affected.

protobuf: Crash due to uncontrolled recursion in protobuf crate

RUSTSEC-2024-0437

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input.

This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data.

ring: Some AES functions may panic when overflow checking is enabled.

RUSTSEC-2025-0009

ring::aead::quic::HeaderProtectionKey::new_mask() may panic when overflow checking is enabled. In the QUIC protocol, an attacker can induce this panic by sending a specially-crafted packet. Even unintentionally it is likely to occur in 1 out of every 2**32 packets sent and/or received.

On 64-bit targets operations using ring::aead::{AES_128_GCM, AES_256_GCM} may panic when overflow checking is enabled, when encrypting/decrypting approximately 68,719,476,700 bytes (about 64 gigabytes) of data in a single chunk. Protocols like TLS and SSH are not affected by this because those protocols break large amounts of data into small chunks. Similarly, most applications will not attempt to encrypt/decrypt 64GB of data in one chunk.

Overflow checking is not enabled in release mode by default, but RUSTFLAGS="-C overflow-checks" or overflow-checks = true in the Cargo.toml profile can override this. Overflow checking is usually enabled by default in debug mode.

openssl: Use-After-Free in `Md::fetch` and `Cipher::fetch`

RUSTSEC-2025-0022

When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.

In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).

The maintainers thank quitbug for reporting this vulnerability to us.