CVE-2024-32650: Denial of Service Vulnerability in Rustls Library
(updated )
rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input.
References
- github.com/advisories/GHSA-6g7w-8wpp-frhj
- github.com/rustls/rustls
- github.com/rustls/rustls/commit/2123576840aa31043a31b0770e6572136fbe0c2d
- github.com/rustls/rustls/commit/5374108df698e78c3e9ef8265cac311556be24af
- github.com/rustls/rustls/commit/6e938bcfe82a9da7a2e1cbf10b928c7eca26426e
- github.com/rustls/rustls/commit/ebcb4782f23b4edf9b10a7065d9e8d4362439d9c
- github.com/rustls/rustls/commit/f45664fbded03d833dffd806503d3c8becd1b71e
- github.com/rustls/rustls/security/advisories/GHSA-6g7w-8wpp-frhj
- nvd.nist.gov/vuln/detail/CVE-2024-32650
- rustsec.org/advisories/RUSTSEC-2024-0336.html
Code Behaviors & Features
Detect and mitigate CVE-2024-32650 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →