Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RUSTSEC-2024-0336: rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input #12

Open
github-actions bot opened this issue Jul 4, 2024 · 0 comments
Milestone

Comments

@github-actions
Copy link

github-actions bot commented Jul 4, 2024

rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input

Details
Package rustls
Version 0.20.9
URL GHSA-6g7w-8wpp-frhj
Date 2024-04-19
Patched versions >=0.23.5,>=0.22.4, <0.23.0,>=0.21.11, <0.22.0

If a close_notify alert is received during a handshake, complete_io
does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io
and are not affected.

rustls::Stream and rustls::StreamOwned types use
complete_io and are affected.

See advisory page for additional details.

@stringhandler stringhandler added this to the Bug milestone Sep 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant