Lucene search

[email protected]CVE-2020-35875

HistoryDec 31, 2020 - 10:15 a.m.

CVE-2020-35875

2020-12-3110:15:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2020-35875

tokio-rustls

excessive memory usage

data arrival

rust

security issue

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

42.3%

JSON

An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly.

CPENameOperatorVersion
tokio:tokio-rustlstokio tokio-rustlslt0.13.1

CPE	Name	Operator	Version
tokio:tokio-rustls	tokio tokio-rustls	lt	0.13.1

References

rustsec.org/advisories/RUSTSEC-2020-0019.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

42.3%

JSON

Related for CVE-2020-35875

prion1 ubuntucve1 osv2 cvelist1 rustsec1 github1