
11156 matches found

NVD
added 2024/04/19 4:15 p.m., 11 views

CVE-2024-32650

Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a close_notify message immediately after client_hello, the server's complete_io will get in an infinite...

7.5 CVSS, 7.3 AI score, 0.00949 EPSS
Exploits: 0, References: 4

OSV
added 2024/04/19 4:15 p.m., 2 views

DEBIAN-CVE-2024-32650

Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a close_notify message immediately after client_hello, the server's complete_io will get in an infinite...

7.5 CVSS, 5.3 AI score, 0.00949 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2024/04/19 4:15 p.m., 15 views

CVE-2024-32650

Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a close_notify message immediately after client_hello, the server's complete_io will get in an infinite...

7.5 CVSS, 5.9 AI score, 0.00949 EPSS
Exploits: 0, References: 2

OSV
added 2024/04/19 4:15 p.m., 3 views

UBUNTU-CVE-2024-32650

Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a close_notify message immediately after client_hello, the server's complete_io will get in an infinite...

7.5 CVSS, 5.8 AI score, 0.00949 EPSS
Exploits: 0, References: 3

Cvelist
added 2024/04/19 4:5 p.m., 25 views

CVE-2024-32650 Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input

Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a close_notify message immediately after client_hello, the server's complete_io will get in an infinite...

7.5 CVSS, 7.5 AI score, 0.00949 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2024/04/19 4:5 p.m., 10 views

CVE-2024-32650 Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input

Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a close_notify message immediately after client_hello, the server's complete_io will get in an infinite...

7.5 CVSS, 6.6 AI score, 0.00949 EPSS
Exploits: 0, References: 4

CVE
added 2024/04/19 4:5 p.m., 298 views

CVE-2024-32650

CVE-2024-32650 affects rustls: complete_io in a blocking rustls server can enter an infinite loop if a client sends close_notify right after client_hello, leading to a denial of service. Fixes exist in rustls releases 0.23.5, 0.22.4, and 0.21.11. Remediation is to upgrade to one of these versions ...

7.5 CVSS, 6.4 AI score, 0.00949 EPSS
Exploits: 0, References: 4

Debian CVE
added 2024/04/19 4:5 p.m., 17 views

CVE-2024-32650

Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a close_notify message immediately after client_hello, the server's complete_io will get in an infinite...

7.5 CVSS, 7.3 AI score, 0.00949 EPSS
Exploits: 0

IBM Security Bulletins
added 2024/04/19 2:34 p.m., 33 views

Security Bulletin: IBM i Access Client Solutions is vulnerable to an infinite loop or out of memory error due to vulnerabilities in Apache Commons Compress.

Summary: IBM i Access Client Solutions is vulnerable to an infinite loop (CVE-2024-25710) or an out of memory error (CVE-2024-26308) in Apache Commons Compress. Apache Commons Compress is used by the Data Transfer feature of IBM i Access Client Solutions when transferring data from reading xls and xls...

8.1 CVSS, 6.6 AI score, 0.00898 EPSS
Exploits: 0, Affected Software: 1

OSV
added 2024/04/19 12:0 p.m., 14 views

RUSTSEC-2024-0336 `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

If a close_notify alert is received during a handshake, complete_io does not terminate. Callers which do not call complete_io are not affected. rustls-tokio and rustls-ffi do not call complete_io and are not affected. rustls::Stream and rustls::StreamOwned types use complete_io and are affected...

7.5 CVSS, 7.3 AI score, 0.00949 EPSS
Exploits: 0, References: 3

Veracode
added 2024/04/19 9:9 a.m., 20 views

Denial Of Service (DoS)

libfrr.so is vulnerable to Denial of Service (DoS). The vulnerability is caused when receiving a MP/GR capability as a dynamic capability due to an incorrect placement of a continue statement within a while loop that iterates over a pointer. In this case, the pointer is not incremented before the...

6.5 CVSS, 6.3 AI score, 0.007 EPSS
Exploits: 0, References: 5, Affected Software: 2

Positive Technologies
added 2024/04/19 12:0 a.m., 6 views

PT-2024-24744

Name of the Vulnerable Software and Affected Versions: rustls versions prior to 0.21.11; rustls versions prior to 0.22.4; rustls versions prior to 0.23.5. Description: The rustls::ConnectionCommon::complete_io function could fall into an infinite loop based on network input. When using a blocking rust...

8.8 CVSS, 7 AI score, 0.91969 EPSS
Exploits: 3, References: 60

CNNVD
added 2024/04/19 12:0 a.m., 5 views

Rustls security vulnerability

Rustls is a modern TLS library in Rust open-sourced by Rustls. A security vulnerability exists in Rustls versions prior to 0.23.5, 0.22.4, and 0.21.11, which stems from an infinite loop in the server's complete_io if a client sends a close_notify message immediately after client_hello when using a...

7.5 CVSS, 6.7 AI score, 0.00949 EPSS
Exploits: 0, References: 6

Tenable Nessus
added 2024/04/19 12:0 a.m., 36 views

EulerOS Virtualization 2.10.0 : libXpm (EulerOS-SA-2024-1530)

According to the versions of the libXpm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to...

7.8 CVSS, 7.1 AI score, 0.00461 EPSS
Exploits: 1, References: 3

RedHat Linux
added 2024/04/18 11:43 a.m., 2 views

commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file

A loop with an unreachable exit condition ('Infinite Loop') vulnerability was found in Apache Commons Compress. This issue can lead to a denial of service...

8.1 CVSS, 6.8 AI score, 0.00441 EPSS
Exploits: 0, References: 6

RedHat Linux
added 2024/04/18 2:8 a.m., 50 views

Moderate: Red Hat Security Advisory: rhc-worker-script security and enhancement update

An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...

7.5 CVSS, 6.7 AI score, 0.01262 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2024/04/18 12:0 a.m., 26 views

CentOS 7 : rhc-worker-script (RHSA-2024:1874)

The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1874 advisory. - The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a...

7.5 CVSS, 6.9 AI score, 0.01262 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2024/04/17 12:0 a.m., 28 views

Oracle Linux 7 : cri-o (ELSA-2024-12329)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12329 advisory. - Address CVE-2024-24786 cri-tools - Address CVE-2024-24786 etcd - Address protobuf CVE-2024-24786 - Address CVE-2023-39326 by upgrading golang to...

8.6 CVSS, 7.2 AI score, 0.01262 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2024/04/17 12:0 a.m., 100 views

Oracle Primavera Unifier (April 2024 CPU)

The versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2024 CPU advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as...

8.8 CVSS, 7.2 AI score, 0.99999 EPSS
Exploits: 23, References: 7

Snyk
added 2024/04/12 10:9 p.m., 2 views

Infinite loop

Overview: BouncyCastle is a C implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Infinite loop in ED25519 verification in the ScalarUtil class. An attacker can send a malicious signature and public key to trigger denial of service. Remediation: There is ...

7.5 CVSS, 6.6 AI score, 0.00753 EPSS
Exploits: 0, References: 2