7 matches found
rustls network-reachable panic in `Acceptor::accept`
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...
GHSA-QG5G-GV98-5FFH rustls network-reachable panic in `Acceptor::accept`
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...
RUSTSEC-2024-0399 rustls network-reachable panic in `Acceptor::accept`
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...
rustls network-reachable panic in `Acceptor::accept`
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...
PT-2024-40945 · Unknown +1 · Tokio-Rustls +2
Name of the Vulnerable Software and Affected Versions: rustls version 0.23.13 Description: A bug in rustls leads to a panic if the received TLS ClientHello is fragmented. This issue affects servers using rustls::server::Acceptor::accept and tokio-rustls's LazyConfigAcceptor API, but not those usi...
rustls-ffi (=0.10.0) potentially affected by CVE-2024-32650 via rustls (=0.21.0)
rustls CARGO version =0.21.0 is affected by a known vulnerability. The following packages have a transitive dependency on rustls and may be impacted: - rustls-ffi =0.10.0 Source cves: CVE-2024-32650 Source advisory: OSV:GHSA-6G7W-8WPP-FRHJ...
RUSTSEC-2024-0336 `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input
If a closenotify alert is received during a handshake, completeio does not terminate. Callers which do not call completeio are not affected. rustls-tokio and rustls-ffi do not call completeio and are not affected. rustls::Stream and rustls::StreamOwned types use completeio and are affected...