webrtc-rs / rtc

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate `rtc`

Dependencies

(16 total, 4 outdated, 2 possibly insecure)

Crate	Required	Latest	Status
log	`^0.4.21`	`0.4.28`	up to date
serde	`^1.0.197`	`1.0.228`	up to date
serde_json	`^1.0.114`	`1.0.145`	up to date
rand	`^0.8.5`	`0.9.2`	out of date
bytes	`^1.5.0`	`1.10.1`	up to date
regex	`^1.10.3`	`1.12.2`	up to date
url	`^2.5.0`	`2.5.7`	up to date
rustls ⚠️	`^0.21`	`0.23.34`	out of date
rcgen	`^0.12.1`	`0.14.5`	out of date
ring ⚠️	`^0.17.8`	`0.17.14`	maybe insecure
sha2	`^0.10.8`	`0.10.9`	up to date
hex	`^0.4.3`	`0.4.3`	up to date
pem	`^3.0.3`	`3.0.6`	up to date
lazy_static	`^1.4.0`	`1.5.0`	up to date
base64	`^0.22.0`	`0.22.1`	up to date
thiserror	`^1.0.58`	`2.0.17`	out of date

Dev dependencies

(5 total, all up-to-date)

Crate	Required	Latest	Status
tokio-test	`^0.4.4`	`0.4.4`	up to date
env_logger	`^0.11.3`	`0.11.8`	up to date
arc-swap	`^1.7.0`	`1.7.1`	up to date
tokio	`^1.36.0`	`1.48.0`	up to date
waitgroup	`^0.1.2`	`0.1.2`	up to date

Crate `rtc-datachannel`

Dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
bytes	`^1.5.0`	`1.10.1`	up to date
log	`^0.4.21`	`0.4.28`	up to date

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
env_logger	`^0.11.3`	`0.11.8`	up to date
chrono	`^0.4.35`	`0.4.42`	up to date

Crate `rtc-dtls`

Dependencies

(24 total, 7 outdated, 2 possibly insecure)

Crate	Required	Latest	Status
bytes	`^1.5.0`	`1.10.1`	up to date
byteorder	`^1.5.0`	`1.5.0`	up to date
rand_core	`^0.6.4`	`0.9.3`	out of date
p256	`^0.13.2`	`0.13.2`	up to date
p384	`^0.13.0`	`0.13.1`	up to date
rand	`^0.8.5`	`0.9.2`	out of date
hmac	`^0.12.1`	`0.12.1`	up to date
sha1	`^0.10.6`	`0.10.6`	up to date
sha2	`^0.10.8`	`0.10.9`	up to date
aes	`^0.8.4`	`0.8.4`	up to date
cbc	`^0.1.2`	`0.1.2`	up to date
aes-gcm	`^0.10.3`	`0.10.3`	up to date
ccm	`^0.5.0`	`0.5.0`	up to date
x25519-dalek	`^2.0.1`	`2.0.1`	up to date
x509-parser	`^0.16.0`	`0.18.0`	out of date
der-parser	`^9.0.0`	`10.0.0`	out of date
rcgen	`^0.12.1`	`0.14.5`	out of date
ring ⚠️	`^0.17.8`	`0.17.14`	maybe insecure
rustls ⚠️	`^0.21.10`	`0.23.34`	out of date
bincode	`^1.3.3`	`2.0.1`	out of date
serde	`^1.0.197`	`1.0.228`	up to date
subtle	`^2.5.0`	`2.6.1`	up to date
log	`^0.4.21`	`0.4.28`	up to date
pem	`^3.0.3`	`3.0.6`	up to date

Dev dependencies

(8 total, all up-to-date)

Crate	Required	Latest	Status
local-sync	`^0.1.1`	`0.1.1`	up to date
core_affinity	`^0.8.1`	`0.8.3`	up to date
chrono	`^0.4.35`	`0.4.42`	up to date
env_logger	`^0.11.3`	`0.11.8`	up to date
clap	`^4.5.2`	`4.5.51`	up to date
anyhow	`^1.0.80`	`1.0.100`	up to date
ctrlc	`^3.4.4`	`3.5.1`	up to date
futures	`^0.3.30`	`0.3.31`	up to date

Crate `rtc-ice`

Dependencies

(6 total, 1 outdated)

Crate	Required	Latest	Status
crc	`^3.0.1`	`3.3.0`	up to date
log	`^0.4.21`	`0.4.28`	up to date
rand	`^0.8.5`	`0.9.2`	out of date
serde	`^1.0.197`	`1.0.228`	up to date
url	`^2.5.0`	`2.5.7`	up to date
bytes	`^1.5.0`	`1.10.1`	up to date

Dev dependencies

(13 total, 1 outdated)

Crate	Required	Latest	Status
regex	`^1.10.3`	`1.12.2`	up to date
env_logger	`^0.11.3`	`0.11.8`	up to date
chrono	`^0.4.35`	`0.4.42`	up to date
ipnet	`^2.9.0`	`2.11.0`	up to date
clap	`^4.5.2`	`4.5.51`	up to date
lazy_static	`^1.4.0`	`1.5.0`	up to date
hyper	`^0.14.28`	`1.7.0`	out of date
sha1	`^0.10.6`	`0.10.6`	up to date
waitgroup	`^0.1.2`	`0.1.2`	up to date
serde_json	`^1.0.114`	`1.0.145`	up to date
tokio	`^1.36`	`1.48.0`	up to date
futures	`^0.3.30`	`0.3.31`	up to date
ctrlc	`^3.4`	`3.5.1`	up to date

Crate `rtc-rtcp`

Dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
bytes	`^1.5.0`	`1.10.1`	up to date

Crate `rtc-rtp`

Dependencies

(3 total, 1 outdated)

Crate	Required	Latest	Status
bytes	`^1.5.0`	`1.10.1`	up to date
rand	`^0.8.5`	`0.9.2`	out of date
serde	`^1.0.197`	`1.0.228`	up to date

Dev dependencies

(2 total, 1 outdated)

Crate	Required	Latest	Status
chrono	`^0.4.35`	`0.4.42`	up to date
criterion	`^0.5.1`	`0.7.0`	out of date

Crate `rtc-sctp`

Dependencies

(7 total, 2 outdated)

Crate	Required	Latest	Status
bytes	`^1.5.0`	`1.10.1`	up to date
fxhash	`^0.2.1`	`0.2.1`	up to date
rand	`^0.8.5`	`0.9.2`	out of date
slab	`^0.4.9`	`0.4.11`	up to date
thiserror	`^1.0.57`	`2.0.17`	out of date
log	`^0.4.21`	`0.4.28`	up to date
crc	`^3.0.1`	`3.3.0`	up to date

Dev dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
assert_matches	`^1.5.0`	`1.5.0`	up to date
lazy_static	`^1.4.0`	`1.5.0`	up to date

Crate `rtc-sdp`

Dependencies

(2 total, 1 outdated)

Crate	Required	Latest	Status
url	`^2.5.0`	`2.5.7`	up to date
rand	`^0.8.5`	`0.9.2`	out of date

Dev dependencies

(1 total, 1 outdated)

Crate	Required	Latest	Status
criterion	`^0.5.1`	`0.7.0`	out of date

Crate `rtc-shared`

Dependencies

(10 total, 2 outdated)

Crate	Required	Latest	Status
thiserror	`^1.0.58`	`2.0.17`	out of date
substring	`^1.4.5`	`1.4.5`	up to date
bytes	`^1.5.0`	`1.10.1`	up to date
aes-gcm	`^0.10.3`	`0.10.3`	up to date
url	`^2.5.0`	`2.5.7`	up to date
rcgen	`^0.12.1`	`0.14.5`	out of date
sec1	`^0.7.3`	`0.7.3`	up to date
p256	`^0.13.2`	`0.13.2`	up to date
aes	`^0.8.4`	`0.8.4`	up to date
retty	`^0.29.0`	`0.29.0`	up to date

Crate `rtc-srtp`

Dependencies

(9 total, all up-to-date)

Crate	Required	Latest	Status
byteorder	`^1.5.0`	`1.5.0`	up to date
bytes	`^1.5.0`	`1.10.1`	up to date
hmac	`^0.12.1`	`0.12.1`	up to date
sha1	`^0.10.6`	`0.10.6`	up to date
ctr	`^0.9.2`	`0.9.2`	up to date
aes	`^0.8.4`	`0.8.4`	up to date
subtle	`^2.5.0`	`2.6.1`	up to date
aead	`^0.5.2`	`0.5.2`	up to date
aes-gcm	`^0.10.3`	`0.10.3`	up to date

Dev dependencies

(1 total, all up-to-date)

Crate	Required	Latest	Status
lazy_static	`^1.4.0`	`1.5.0`	up to date

Crate `rtc-stun`

Dependencies

(9 total, 2 outdated, 1 possibly insecure)

Crate	Required	Latest	Status
bytes	`^1.5.0`	`1.10.1`	up to date
lazy_static	`^1.4.0`	`1.5.0`	up to date
url	`^2.5.0`	`2.5.7`	up to date
rand	`^0.8.5`	`0.9.2`	out of date
base64	`^0.22.0`	`0.22.1`	up to date
subtle	`^2.5.0`	`2.6.1`	up to date
crc	`^3.0.1`	`3.3.0`	up to date
ring ⚠️	`^0.17.8`	`0.17.14`	maybe insecure
md5	`^0.7.0`	`0.8.0`	out of date

Dev dependencies

(2 total, 1 outdated)

Crate	Required	Latest	Status
clap	`^4.5.2`	`4.5.51`	up to date
criterion	`^0.5.1`	`0.7.0`	out of date

Crate `rtc-turn`

Dependencies

(2 total, all up-to-date)

Crate	Required	Latest	Status
bytes	`^1.5.0`	`1.10.1`	up to date
log	`^0.4.21`	`0.4.28`	up to date

Dev dependencies

(7 total, 1 outdated)

Crate	Required	Latest	Status
env_logger	`^0.11.3`	`0.11.8`	up to date
chrono	`^0.4.35`	`0.4.42`	up to date
hex	`^0.4.3`	`0.4.3`	up to date
clap	`^4.5.3`	`4.5.51`	up to date
criterion	`^0.5.1`	`0.7.0`	out of date
crossbeam-channel	`^0.5`	`0.5.15`	up to date
ctrlc	`^3.4`	`3.5.1`	up to date

Crate `rtc-interceptor`

No external dependencies! 🙌

Crate `rtc-mdns`

No external dependencies! 🙌

Crate `rtc-media`

No external dependencies! 🙌

Security Vulnerabilities

`rustls`: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

RUSTSEC-2024-0336

If a close_notify alert is received during a handshake, complete_io does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io and are not affected.

rustls::Stream and rustls::StreamOwned types use complete_io and are affected.

`ring`: Some AES functions may panic when overflow checking is enabled.

RUSTSEC-2025-0009

ring::aead::quic::HeaderProtectionKey::new_mask() may panic when overflow checking is enabled. In the QUIC protocol, an attacker can induce this panic by sending a specially-crafted packet. Even unintentionally it is likely to occur in 1 out of every 2**32 packets sent and/or received.

On 64-bit targets operations using ring::aead::{AES_128_GCM, AES_256_GCM} may panic when overflow checking is enabled, when encrypting/decrypting approximately 68,719,476,700 bytes (about 64 gigabytes) of data in a single chunk. Protocols like TLS and SSH are not affected by this because those protocols break large amounts of data into small chunks. Similarly, most applications will not attempt to encrypt/decrypt 64GB of data in one chunk.

Overflow checking is not enabled in release mode by default, but RUSTFLAGS="-C overflow-checks" or overflow-checks = true in the Cargo.toml profile can override this. Overflow checking is usually enabled by default in debug mode.

webrtc-rs / rtc

Crate rtc

Dependencies

Dev dependencies

Crate rtc-datachannel

Dependencies

Dev dependencies

Crate rtc-dtls

Dependencies

Dev dependencies

Crate rtc-ice

Dependencies

Dev dependencies

Crate rtc-rtcp

Dependencies

Crate rtc-rtp

Dependencies

Dev dependencies

Crate rtc-sctp

Dependencies

Dev dependencies

Crate rtc-sdp

Dependencies

Dev dependencies

Crate rtc-shared

Dependencies

Crate rtc-srtp

Dependencies

Dev dependencies

Crate rtc-stun

Dependencies

Dev dependencies

Crate rtc-turn

Dependencies

Dev dependencies

Crate rtc-interceptor

Crate rtc-mdns

Crate rtc-media

Security Vulnerabilities

rustls: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

ring: Some AES functions may panic when overflow checking is enabled.

Crate `rtc`

Crate `rtc-datachannel`

Crate `rtc-dtls`

Crate `rtc-ice`

Crate `rtc-rtcp`

Crate `rtc-rtp`

Crate `rtc-sctp`

Crate `rtc-sdp`

Crate `rtc-shared`

Crate `rtc-srtp`

Crate `rtc-stun`

Crate `rtc-turn`

Crate `rtc-interceptor`

Crate `rtc-mdns`

Crate `rtc-media`

`rustls`: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

`ring`: Some AES functions may panic when overflow checking is enabled.