Tokio Security Vulnerabilities
The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The set_ex_data function used by the library did not deallocate memory used by pre-existing data in memory each time after...
5.3CVSS
7.2AI Score
0.0005EPSS
Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting pipe_mode will reset reject_remote_clients to false. If the application has previously configured...
5.4CVSS
5.4AI Score
0.001EPSS
An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory...
8.1CVSS
7.8AI Score
0.002EPSS
An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong...
5.9CVSS
5.6AI Score
0.001EPSS
An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives...
7.5CVSS
7.5AI Score
0.001EPSS