Deps.rs

webrtc-rs / rtc

[![dependency status](https://deps.rs/repo/github/webrtc-rs/rtc/status.svg)](https://deps.rs/repo/github/webrtc-rs/rtc)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate rtc-examples

Dev dependencies

(6 total, 1 outdated)

CrateRequiredLatestStatus
 hyper^0.14.321.8.1out of date
 tokio-util^0.7.170.7.18up to date
 anyhow^1.0.1001.0.100up to date
 serde_json^1.0.1451.0.149up to date
 tokio-tungstenite^0.28.00.28.0up to date
 futures-util^0.30.3.31up to date

Crate rtc

Dependencies

(8 total, all up-to-date)

CrateRequiredLatestStatus
 serde^11.0.228up to date
 serde_json^11.0.149up to date
 sha2^0.100.10.9up to date
 rustls^0.23.350.23.36up to date
 url^22.5.8up to date
 hex^0.40.4.3up to date
 pem^33.0.6up to date
 unicase^2.82.9.0up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 webrtc^0.14.00.14.0up to date
 anyhow^11.0.100up to date

Crate rtc-datachannel

No external dependencies! 🙌

Crate rtc-dtls

Dependencies

(20 total, 3 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 rand_core^0.6.40.9.5out of date
 p256^0.13.20.13.2up to date
 p384^0.13.00.13.1up to date
 hmac^0.12.10.12.1up to date
 sec1^0.70.7.3up to date
 sha1^0.10.60.10.6up to date
 sha2^0.10.80.10.9up to date
 aes^0.8.40.8.4up to date
 cbc^0.1.20.1.2up to date
 aes-gcm^0.10.30.10.3up to date
 ccm^0.5.00.5.0up to date
 x25519-dalek^2.0.12.0.1up to date
 x509-parser^0.16.00.18.0out of date
 der-parser^9.0.010.0.0out of date
 rustls^0.23.270.23.36up to date
 rkyv ⚠️^0.80.8.14maybe insecure
 bytecheck^0.80.8.2up to date
 subtle^2.5.02.6.1up to date
 pem^3.0.33.0.6up to date
 chacha20poly1305^0.10.10.10.1up to date

Dev dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 local-sync^0.1.10.1.1up to date
 core_affinity^0.8.10.8.3up to date
 anyhow^1.0.801.0.100up to date
 futures^0.3.300.3.31up to date

Crate rtc-ice

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 crc^3.0.13.4.0up to date
 url^2.5.02.5.8up to date
 uuid^11.20.0up to date

Dev dependencies

(8 total, 1 outdated)

CrateRequiredLatestStatus
 regex^1.10.31.12.2up to date
 ipnet^2.9.02.11.0up to date
 lazy_static^1.4.01.5.0up to date
 hyper^0.14.281.8.1out of date
 sha1^0.10.60.10.6up to date
 waitgroup^0.1.20.1.2up to date
 serde_json^1.0.1141.0.149up to date
 futures^0.3.300.3.31up to date

Crate rtc-interceptor

No external dependencies! 🙌

Crate rtc-interceptor-derive

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 proc-macro2^11.0.106up to date
 quote^11.0.44up to date
 syn^22.0.114up to date

Crate rtc-media

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 nearly_eq^0.20.2.4up to date

Crate rtc-mdns

Dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 socket2^0.50.6.2out of date

Crate rtc-rtcp

No external dependencies! 🙌

Crate rtc-rtp

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 memchr^2.1.12.7.6up to date

Crate rtc-sctp

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 slab^0.4.90.4.11up to date
 crc^3.2.13.4.0up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 assert_matches^1.5.01.5.0up to date
 lazy_static^1.4.01.5.0up to date

Crate rtc-sdp

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 url^2.5.02.5.8up to date

Crate rtc-shared

Dependencies

(9 total, 2 outdated)

CrateRequiredLatestStatus
 substring^1.4.51.4.5up to date
 aes-gcm^0.10.30.10.3up to date
 url^2.5.02.5.8up to date
 sec1^0.7.30.7.3up to date
 p256^0.13.20.13.2up to date
 aes^0.8.40.8.4up to date
 nix^0.26.20.31.1out of date
 bitflags^1.32.10.0out of date
 winapi^0.3.90.3.9up to date

Crate rtc-srtp

Dependencies

(8 total, all up-to-date)

CrateRequiredLatestStatus
 hmac^0.12.10.12.1up to date
 sha1^0.10.60.10.6up to date
 ctr^0.9.20.9.2up to date
 aes^0.8.40.8.4up to date
 subtle^2.5.02.6.1up to date
 aead^0.5.20.5.2up to date
 aes-gcm^0.10.30.10.3up to date
 openssl^0.10.720.10.75up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 lazy_static^1.4.01.5.0up to date

Crate rtc-stun

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 lazy_static^1.4.01.5.0up to date
 url^2.5.02.5.8up to date
 base64^0.22.10.22.1up to date
 subtle^2.5.02.6.1up to date
 crc^3.0.13.4.0up to date
 md-5^0.100.10.6up to date

Crate rtc-turn

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 hex^0.4.30.4.3up to date
 crossbeam-channel^0.50.5.15up to date

Security Vulnerabilities

rkyv: Potential Undefined Behaviors in `Arc<T>`/`Rc<T>` impls of `from_value` on OOM

RUSTSEC-2026-0001

The SharedPointer::alloc implementation for sync::Arc<T> and rc::Rc<T> in rkyv/src/impls/alloc/rc/atomic.rs (and rc.rs) does not check if the allocator returns a null pointer on OOM (Out of Memory).

This null pointer can flow through to SharedPointer::from_value, which calls Box::from_raw(ptr) with the null pointer. This triggers undefined behavior when utilizing safe deserialization APIs (such as rkyv::from_bytes or rkyv::deserialize_using) if an OOM condition occurs during the allocation of the shared pointer.

The issue is reachable through safe code and violates Rust's safety guarantees.