
187 matches found

CNNVD
added 2024/04/19 12:0 a.m. | 2 views

Rustls Security Vulnerability

Rustls is a modern TLS library in Rust open-sourced by Rustls. A security vulnerability exists in Rustls versions prior to 0.23.5, 0.22.4, and 0.21.11, which stems from an infinite loop in the server's complete_io if a client sends a close_notify message immediately after client_hello when using a...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00056
Exploits: 0 | References: 6
Tenable Nessus
added 2023/11/07 12:0 a.m. | 6 views

Fedora 39 : rust-rustls-webpki (2023-4ae90bc849)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-4ae90bc849 advisory. Update to version 0.100.2. This includes a fix for RUSTSEC-2023-0053 denial-of-service via crafted certificate chains. Tenable has extracted the preceding...

AI score: 5.6
Exploits: 0 | References: 1
Chainguard
added 2023/10/18 4:15 a.m. | 193 views

CVE-2023-38545 vulnerabilities

Vulnerabilities for packages: curl, curl-rustls...

CVSS: 9.8 | AI score: 7 | EPSS: 0.26747
Exploits: 6
Wolfi
added 2023/10/18 4:15 a.m. | 198 views

CVE-2023-38545 vulnerabilities

Vulnerabilities for packages: curl, curl-rustls...

CVSS: 9.8 | AI score: 7 | EPSS: 0.26747
Exploits: 6
Wolfi
added 2023/10/18 4:15 a.m. | 40 views

CVE-2023-38546 vulnerabilities

Vulnerabilities for packages: curl, curl-rustls...

CVSS: 3.7 | AI score: 7 | EPSS: 0.00441
Exploits: 0
OpenVAS
added 2023/09/16 12:0 a.m. | 7 views

Fedora: Security Advisory (FEDORA-2023-4ae90bc849)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score: 7.5
Exploits: 0 | References: 2
OpenVAS
added 2023/09/02 12:0 a.m. | 5 views

Fedora: Security Advisory for rust-rustls-webpki (FEDORA-2023-6ef5f2fbf3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score: 7.5
Exploits: 0 | References: 2
OpenVAS
added 2023/09/02 12:0 a.m. | 6 views

Fedora: Security Advisory for rust-rustls-webpki (FEDORA-2023-7cb316a73b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score: 7.5
Exploits: 0 | References: 2
Tenable Nessus
added 2023/09/01 12:0 a.m. | 8 views

Fedora 37 : rust-rustls-webpki (2023-6ef5f2fbf3)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6ef5f2fbf3 advisory. Update to version 0.100.2. This includes a fix for RUSTSEC-2023-0053 denial-of-service via crafted certificate chains. Tenable has extracted the preceding...

AI score: 5.6
Exploits: 0 | References: 1
Tenable Nessus
added 2023/09/01 12:0 a.m. | 8 views

Fedora 38 : rust-rustls-webpki (2023-7cb316a73b)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-7cb316a73b advisory. Update to version 0.100.2. This includes a fix for RUSTSEC-2023-0053 denial-of-service via crafted certificate chains. Tenable has extracted the preceding...

AI score: 5.6
Exploits: 0 | References: 1
Github Security Blog
added 2023/08/25 12:12 a.m. | 23 views

webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. This was previously reported in...

AI score: 6.8
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2023/08/25 12:12 a.m. | 14 views

GHSA-8QV2-5VQ6-G2G7 webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. This was previously reported in...

CVSS: 7.5 | AI score: 7
Exploits: 0 | References: 6
Github Security Blog
added 2023/08/24 10:18 p.m. | 10 views

ntpd has Dependency on Vulnerable Third-Party Component

During startup, an attacker that can man-in-the-middle traffic to and from NTS key exchange servers can trigger a very expensive key validation process due to a vulnerability in webpki. Impact: This vulnerability can lead to excessive CPU usage on startup on clients configured to use NTS. Patches...

AI score: 6.9
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2023/08/22 6:6 p.m. | 20 views

GHSA-FH2R-99Q2-6MMG rustls-webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. We now give each path building operation...

CVSS: 7.5 | AI score: 7
Exploits: 0 | References: 5
Github Security Blog
added 2023/08/22 6:6 p.m. | 19 views

rustls-webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. We now give each path building operation...

AI score: 6.8
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2023/08/22 12:0 p.m. | 59 views

RUSTSEC-2023-0053 rustls-webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. We now give each path building operation...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.00916
Exploits: 0 | References: 2
RustSec
added 2023/08/22 12:0 p.m. | 2 views

rustls-webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. We now give each path building operation...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00916
Exploits: 0 | Affected Software: 1
Github Security Blog
added 2023/03/27 9:12 p.m. | 18 views

NATS TLS certificate common name validation bypass

The NATS official Rust clients are vulnerable to MitM when using TLS. A fix for the nats crate hasn't been released yet. Since the nats crate is going to be deprecated anyway, consider switching to async-nats = 0.29 which already fixed this vulnerability. The common name of the server's TLS...

AI score: 6.5
Exploits: 0 | References: 5 | Affected Software: 1
Github Security Blog
added 2023/03/24 9:59 p.m. | 25 views

async-nats vulnerable to TLS certificate common name validation bypass

The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...

AI score: 6.5
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2023/03/24 12:0 p.m. | 18 views

RUSTSEC-2023-0029 TLS certificate common name validation bypass

The NATS official Rust clients are vulnerable to MitM when using TLS. The common name of the server's TLS certificate is validated against the hostname provided by the server's plaintext INFO message during the initial connection setup phase. A MitM proxy can tamper with the host field's value by...

AI score: 7
Exploits: 0 | References: 2