17 matches found
EUVD-2021-1514
Malware in sbrugna...
CVE-2020-35875
An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly...
rustls network-reachable panic in `Acceptor::accept`
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...
GHSA-QG5G-GV98-5FFH rustls network-reachable panic in `Acceptor::accept`
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...
RUSTSEC-2024-0399 rustls network-reachable panic in `Acceptor::accept`
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...
rustls network-reachable panic in `Acceptor::accept`
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...
GHSA-2JFV-G3FH-XQ3V Excessive memory usage in tokio-rustls
tokio-rustls does not call processnewpackets immediately after read, so the expected termination condition wantsread always returns true. As long as new incoming data arrives faster than it is processed and the reader does not return pending, data will be buffered. This may cause DoS...
Excessive memory usage in tokio-rustls
tokio-rustls does not call processnewpackets immediately after read, so the expected termination condition wantsread always returns true. As long as new incoming data arrives faster than it is processed and the reader does not return pending, data will be buffered. This may cause DoS...
CVE-2020-35875
An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly...
CVE-2020-35875
An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly...
CVE-2020-35875
An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly...
Design/Logic Flaw
An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly...
CVE-2020-35875
An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly...
CVE-2020-35875
CVE-2020-35875 affects the Rust crate tokio-rustls (before 0.13.1). The root cause is that tokio-rustls does not call process_new_packets immediately after read, causing wants_read to always return true and allowing data to accumulate in memory when data arrives faster than it is processed. This ...
Rust Security Vulnerabilities
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust tokio-rustls crate before 0.13.1, which stems from the possibility of excessive memory usage when data arrives quickly...
RUSTSEC-2020-0019 tokio-rustls reads may cause excessive memory usage
tokio-rustls does not call processnewpackets immediately after read, so the expected termination condition wantsread always returns true. As long as new incoming data arrives faster than it is processed and the reader does not return pending, data will be buffered. This may cause DoS...
tokio-rustls reads may cause excessive memory usage
tokio-rustls does not call processnewpackets immediately after read, so the expected termination condition wantsread always returns true. As long as new incoming data arrives faster than it is processed and the reader does not return pending, data will be buffered. This may cause DoS...