CVE-2024-28854: tls-listener affected by the slow loris vulnerability with default configuration
With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and trigger a DoS.
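The 6.4/s figure is the capacity of a bounded handshake pool. The model below is an added example, not tls-listener's own code; it assumes the pre-fix defaults of 64 concurrent handshakes and a 10 s handshake timeout (an assumption, the advisory states only the resulting rate) and shows why a trickle of idle connections at that rate blocks new clients, and how a shorter timeout raises the rate an attacker would need to sustain.

```rust
use std::collections::VecDeque;
use std::time::Duration;
/// Model of the listener behaviour the advisory describes: at most
/// `max_handshakes` handshakes are in flight, each is abandoned after
/// `handshake_timeout`, and while every slot is taken nothing is accepted.
/// (Illustrative model, not tls-listener's own code.)
pub struct HandshakePool {
    pub max_handshakes: usize,
    pub handshake_timeout: Duration,
}

/// Drop pending handshakes whose deadline has passed (arrival order, so
/// deadlines are ascending).
fn expire(pending: &mut VecDeque<f64>, now: f64) {
    while matches!(pending.front(), Some(&deadline) if deadline <= now) {
        pending.pop_front();
    }
}
impl HandshakePool {
    /// A connection that sends 0 bytes holds its slot for the whole timeout,
    /// so the pool stays full from `max_handshakes / timeout` per second up.
    pub fn saturating_rate_per_sec(&self) -> f64 {
        self.max_handshakes as f64 / self.handshake_timeout.as_secs_f64()
    }

    /// Replay `seconds` of idle connections arriving at `idle_per_sec` while a
    /// legitimate client tries once per second (at t = s + 0.3); returns how
    /// many of those attempts found a free slot. A legitimate handshake
    /// completes quickly, so it is not modelled as holding a slot.
    pub fn legit_accepted(&self, idle_per_sec: f64, seconds: u32) -> u32 {
        let timeout = self.handshake_timeout.as_secs_f64();
        let mut pending: VecDeque<f64> = VecDeque::new(); // handshake deadlines
        let (mut next_idle, mut accepted) = (0.0_f64, 0);
        for s in 0..seconds {
            let probe = s as f64 + 0.3;
            while next_idle < probe {
                expire(&mut pending, next_idle);
                if pending.len() < self.max_handshakes {
                    pending.push_back(next_idle + timeout);
                }
                next_idle += 1.0 / idle_per_sec;
            }
            expire(&mut pending, probe);
            if pending.len() < self.max_handshakes {
                accepted += 1;
            }
        }
        accepted
    }
}
```

With the assumed defaults, 64 / 10 s gives the 6.4 connections per second from the advisory; cutting the timeout to 2 s raises the required sustained rate to 32/s.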
References
- en.wikipedia.org/wiki/Slowloris_(computer_security)
- github.com/advisories/GHSA-2qph-qpvm-2qf7
- github.com/tmccombs/tls-listener
- github.com/tmccombs/tls-listener/commit/d5a7655d6ea9e53ab57c3013092c5576da964bc4
- github.com/tmccombs/tls-listener/releases/tag/v0.10.0
- github.com/tmccombs/tls-listener/security/advisories/GHSA-2qph-qpvm-2qf7
- nvd.nist.gov/vuln/detail/CVE-2024-28854
- rustsec.org/advisories/RUSTSEC-2024-0341.html