7 matches found
Improper Resource Shutdown or Release
Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release after establishing a TLS session. An attacker can cause excessive CPU utilization by initiating a half-shutdown of the connection during the handshake, leading the peer to enter a spin loop on socke...
Improper Resource Shutdown or Release
Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release after establishing a TLS session. An attacker can cause excessive CPU utilization by initiating a half-shutdown of the connection during the handshake, leading the peer to enter a spin loop on socke...
CVE-2025-58369 fs2: Half-shutdown of socket during TLS handshake may result in spin loop on opposite side
fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks though TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS...
CVE-2025-58369 fs2: Half-shutdown of socket during TLS handshake may result in spin loop on opposite side
fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks though TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS...
CVE-2025-58369
CVE-2025-58369 affects fs2 (Scala) with fs2-io TLS on the JVM. The vulnerability exists in versions up to 2.5.12, 3.0.0-M1…3.12.2, and 3.13.0-M1…3.13.0-M6, where during TLS handshake a peer that shuts down write while the other side awaits data can spin the socket read, causing high CPU usage and...
FS2 half-shutdown of socket during TLS handshake may result in spin loop on opposite side
Impact When establishing a TLS session using fs2-io on the JVM using the fs2.io.net.tls package, if one side of the connection shuts down write while the peer side is awaiting more data to progress the TLS handshake, the peer side will spin loop on the socket read, fully utilizing a CPU. This CPU...
GHSA-RRW2-PX9J-QFFJ FS2 half-shutdown of socket during TLS handshake may result in spin loop on opposite side
Impact When establishing a TLS session using fs2-io on the JVM using the fs2.io.net.tls package, if one side of the connection shuts down write while the peer side is awaiting more data to progress the TLS handshake, the peer side will spin loop on the socket read, fully utilizing a CPU. This CPU...