Deps.rs

webrtc-rs / rtc

[![dependency status](https://deps.rs/repo/github/webrtc-rs/rtc/status.svg)](https://deps.rs/repo/github/webrtc-rs/rtc)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate rtc

Dependencies

(13 total, 1 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 bytes^1.51.11.0up to date
 log^0.40.4.29up to date
 base64^0.220.22.1up to date
 serde^11.0.228up to date
 serde_json^11.0.145up to date
 rand^0.9.20.9.2up to date
 rcgen^0.13.20.14.5out of date
 ring ⚠️^0.170.17.14maybe insecure
 sha2^0.100.10.9up to date
 rustls^0.23.270.23.35up to date
 url^22.5.7up to date
 hex^0.40.4.3up to date
 pem^33.0.6up to date

Crate rtc-datachannel

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 bytes^1.5.01.11.0up to date
 log^0.4.210.4.29up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 env_logger^0.11.30.11.8up to date
 chrono^0.4.350.4.42up to date

Crate rtc-dtls

Dependencies

(26 total, 5 outdated)

CrateRequiredLatestStatus
 bytes^1.5.01.11.0up to date
 byteorder^1.5.01.5.0up to date
 rand_core^0.6.40.9.3out of date
 p256^0.13.20.13.2up to date
 p384^0.13.00.13.1up to date
 rand^0.90.9.2up to date
 hmac^0.12.10.12.1up to date
 sec1^0.70.7.3up to date
 sha1^0.10.60.10.6up to date
 sha2^0.10.80.10.9up to date
 aes^0.8.40.8.4up to date
 cbc^0.1.20.1.2up to date
 aes-gcm^0.10.30.10.3up to date
 ccm^0.5.00.5.0up to date
 x25519-dalek^2.0.12.0.1up to date
 x509-parser^0.16.00.18.0out of date
 der-parser^9.0.010.0.0out of date
 rcgen^0.13.20.14.5out of date
 ring^0.17.140.17.14up to date
 rustls^0.23.270.23.35up to date
 bincode^1.3.32.0.1out of date
 serde^1.0.1971.0.228up to date
 subtle^2.5.02.6.1up to date
 log^0.4.210.4.29up to date
 pem^3.0.33.0.6up to date
 chacha20poly1305^0.10.10.10.1up to date

Dev dependencies

(8 total, all up-to-date)

CrateRequiredLatestStatus
 local-sync^0.1.10.1.1up to date
 core_affinity^0.8.10.8.3up to date
 chrono^0.4.350.4.42up to date
 env_logger^0.11.30.11.8up to date
 clap^4.5.24.5.53up to date
 anyhow^1.0.801.0.100up to date
 ctrlc^3.4.43.5.1up to date
 futures^0.3.300.3.31up to date

Crate rtc-ice

Dependencies

(6 total, 1 outdated)

CrateRequiredLatestStatus
 crc^3.0.13.4.0up to date
 log^0.4.210.4.29up to date
 rand^0.8.50.9.2out of date
 serde^1.0.1971.0.228up to date
 url^2.5.02.5.7up to date
 bytes^1.5.01.11.0up to date

Dev dependencies

(13 total, 1 outdated)

CrateRequiredLatestStatus
 regex^1.10.31.12.2up to date
 env_logger^0.11.30.11.8up to date
 chrono^0.4.350.4.42up to date
 ipnet^2.9.02.11.0up to date
 clap^4.5.24.5.53up to date
 lazy_static^1.4.01.5.0up to date
 hyper^0.14.281.8.1out of date
 sha1^0.10.60.10.6up to date
 waitgroup^0.1.20.1.2up to date
 serde_json^1.0.1141.0.145up to date
 tokio^1.361.48.0up to date
 futures^0.3.300.3.31up to date
 ctrlc^3.43.5.1up to date

Crate rtc-rtcp

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 bytes^1.5.01.11.0up to date

Crate rtc-rtp

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 bytes^1.5.01.11.0up to date
 rand^0.90.9.2up to date
 serde^1.0.1971.0.228up to date
 memchr^2.1.12.7.6up to date

Dev dependencies

(2 total, 1 outdated)

CrateRequiredLatestStatus
 chrono^0.4.350.4.42up to date
 criterion^0.5.10.8.1out of date

Crate rtc-sctp

Dependencies

(6 total, 1 outdated)

CrateRequiredLatestStatus
 bytes^1.5.01.11.0up to date
 rand^0.90.9.2up to date
 slab^0.4.90.4.11up to date
 thiserror^1.0.572.0.17out of date
 log^0.4.210.4.29up to date
 crc^3.2.13.4.0up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 assert_matches^1.5.01.5.0up to date
 lazy_static^1.4.01.5.0up to date

Crate rtc-sdp

Dependencies

(2 total, 1 outdated)

CrateRequiredLatestStatus
 url^2.5.02.5.7up to date
 rand^0.8.50.9.2out of date

Dev dependencies

(1 total, 1 outdated)

CrateRequiredLatestStatus
 criterion^0.5.10.8.1out of date

Crate rtc-shared

Dependencies

(11 total, 2 outdated)

CrateRequiredLatestStatus
 thiserror^1.0.582.0.17out of date
 substring^1.4.51.4.5up to date
 bytes^1.5.01.11.0up to date
 aes-gcm^0.10.30.10.3up to date
 url^2.5.02.5.7up to date
 rcgen^0.13.20.14.5out of date
 sec1^0.7.30.7.3up to date
 p256^0.13.20.13.2up to date
 aes^0.8.40.8.4up to date
 sansio^0.5.00.5.0up to date
 sansio-transport^0.5.00.5.0up to date

Crate rtc-srtp

Dependencies

(10 total, all up-to-date)

CrateRequiredLatestStatus
 byteorder^1.5.01.5.0up to date
 bytes^1.5.01.11.0up to date
 hmac^0.12.10.12.1up to date
 sha1^0.10.60.10.6up to date
 ctr^0.9.20.9.2up to date
 aes^0.8.40.8.4up to date
 subtle^2.5.02.6.1up to date
 aead^0.5.20.5.2up to date
 aes-gcm^0.10.30.10.3up to date
 openssl^0.10.720.10.75up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 lazy_static^1.4.01.5.0up to date

Crate rtc-stun

Dependencies

(9 total, all up-to-date)

CrateRequiredLatestStatus
 bytes^1.5.01.11.0up to date
 lazy_static^1.4.01.5.0up to date
 url^2.5.02.5.7up to date
 rand^0.90.9.2up to date
 base64^0.22.00.22.1up to date
 subtle^2.5.02.6.1up to date
 crc^3.0.13.4.0up to date
 ring^0.17.140.17.14up to date
 md-5^0.100.10.6up to date

Dev dependencies

(2 total, 1 outdated)

CrateRequiredLatestStatus
 clap^4.5.24.5.53up to date
 criterion^0.5.10.8.1out of date

Crate rtc-turn

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 bytes^1.5.01.11.0up to date
 log^0.4.210.4.29up to date

Dev dependencies

(7 total, 1 outdated)

CrateRequiredLatestStatus
 env_logger^0.11.30.11.8up to date
 chrono^0.4.350.4.42up to date
 hex^0.4.30.4.3up to date
 clap^4.5.34.5.53up to date
 criterion^0.5.10.8.1out of date
 crossbeam-channel^0.50.5.15up to date
 ctrlc^3.43.5.1up to date

Crate rtc-interceptor

No external dependencies! 🙌

Crate rtc-mdns

No external dependencies! 🙌

Crate rtc-media

No external dependencies! 🙌

Security Vulnerabilities

ring: Some AES functions may panic when overflow checking is enabled.

RUSTSEC-2025-0009

ring::aead::quic::HeaderProtectionKey::new_mask() may panic when overflow checking is enabled. In the QUIC protocol, an attacker can induce this panic by sending a specially-crafted packet. Even unintentionally it is likely to occur in 1 out of every 2**32 packets sent and/or received.

On 64-bit targets operations using ring::aead::{AES_128_GCM, AES_256_GCM} may panic when overflow checking is enabled, when encrypting/decrypting approximately 68,719,476,700 bytes (about 64 gigabytes) of data in a single chunk. Protocols like TLS and SSH are not affected by this because those protocols break large amounts of data into small chunks. Similarly, most applications will not attempt to encrypt/decrypt 64GB of data in one chunk.

Overflow checking is not enabled in release mode by default, but RUSTFLAGS="-C overflow-checks" or overflow-checks = true in the Cargo.toml profile can override this. Overflow checking is usually enabled by default in debug mode.