cve/2024/CVE-2024-32650.md
2024-06-09 00:33:16 +00:00


CVE-2024-32650

Description

Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a close_notify message immediately after client_hello, the server's complete_io will enter an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.

POC

Reference

Github

No PoCs found on GitHub currently.