Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a close_notify message immediately after client_hello, the server's complete_io will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11. The worst case impact for these vulnerabilities can be "Attacker can trigger DOS via infinite loop".
How do I fix it?
We recommend updating from 0.21.10 to 0.21.11.
This is the package maintainer's summary.
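To confirm which rustls versions a build actually resolves, the following added example (not code from the rustls project or from this issue) scans a Cargo.lock and classifies each `rustls` entry against the fixed releases listed above. The names `Status`, `classify`, `audit_lockfile` and the `SAMPLE` lockfile are constructed for illustration; release lines the advisory text does not mention are reported as `NotCovered` rather than guessed.

```rust
// Added example: classify rustls versions in a Cargo.lock against the fixed
// releases named in the advisory text above (0.21.11, 0.22.4, 0.23.5).
#[derive(Debug, PartialEq)]
enum Status { Fixed, PredatesFix, NotCovered }

const FIXED: [(u64, u64, u64); 3] = [(0, 21, 11), (0, 22, 4), (0, 23, 5)];

// Constructed sample lockfile (assumption, not from a real project).
const SAMPLE: &str = r#"
[[package]]
name = "rustls"
version = "0.21.10"
[[package]]
name = "rustls"
version = "0.23.5"
[[package]]
name = "rustls-pemfile"
version = "1.0.4"
"#;

// Strict MAJOR.MINOR.PATCH only; pre-release strings fall through to NotCovered.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let mut it = v.split('.').map(|p| p.parse::<u64>().ok());
    let parsed = (it.next()??, it.next()??, it.next()??);
    if it.next().is_none() { Some(parsed) } else { None }
}

fn classify(version: &str) -> Status {
    let Some((maj, min, patch)) = parse_version(version) else { return Status::NotCovered };
    match FIXED.iter().find(|f| (f.0, f.1) == (maj, min)) {
        Some(f) if patch >= f.2 => Status::Fixed,
        Some(_) => Status::PredatesFix,
        None => Status::NotCovered, // release line the advisory text does not mention
    }
}

// Returns (version, status) for each `rustls` package entry in the lockfile.
fn audit_lockfile(lock: &str) -> Vec<(String, Status)> {
    lock.split("[[package]]")
        .filter(|pkg| pkg.lines().any(|l| l.trim() == "name = \"rustls\""))
        .filter_map(|pkg| {
            let v = pkg.lines().find_map(|l| l.trim().strip_prefix("version = \"")?.strip_suffix('"'))?;
            Some((v.to_string(), classify(v)))
        })
        .collect()
}

fn main() {
    for (v, s) in audit_lockfile(SAMPLE) { println!("rustls {v}: {s:?}"); }
}
```

A lockfile can resolve more than one rustls release line at once, so every entry is reported rather than only the first.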