This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate rclonedecrypt

Dependencies

(7 total, 1 possibly insecure)

CrateRequiredLatestStatus
 clap^4.04.5.50up to date
 scrypt^0.110.11.0up to date
 base64 ⚠️^00.22.1maybe insecure
 hex^0.40.4.3up to date
 anyhow^1.01.0.100up to date
 thiserror^2.02.0.17up to date
 sodiumoxide^0.20.2.7up to date

Security Vulnerabilities

base64: Integer overflow leads to heap-based buffer overflow in encode_config_buf

RUSTSEC-2017-0004

Affected versions of this crate suffered from an integer overflow bug when calculating the size of a buffer to use when encoding base64 using the encode_config_buf and encode_config functions. If the input string was large, this would cause a buffer to be allocated that was too small. Since this function writes to the buffer using unsafe code, it would allow an attacker to write beyond the buffer, causing memory corruption and possibly the execution of arbitrary code.

This flaw was corrected by using checked arithmetic to calculate the size of the buffer.