CVE-2023-43669

Published: 21/09/2023 Updated: 16/02/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

The Tungstenite crate prior to 0.20.1 for Rust allows remote malicious users to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes).
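The cost described above can be modelled as an added example (not code from the tungstenite crate or from this advisory): a reader that re-parses its whole buffer after every read does work that grows with the square of the header length. The chunk size, the `X-Pad` header, the function names, and the buffer cap used as a mitigation are assumptions made for illustration; the page does not describe the actual fix in 0.20.1.

```rust
// Added model of an incremental handshake reader; not tungstenite's code.
#[derive(Debug, PartialEq)]
pub enum Outcome { Complete, Partial, TooLarge }

pub struct Stats {
    pub outcome: Outcome,
    pub attempts: u64,      // how many times a parse was attempted
    pub bytes_scanned: u64, // total bytes examined over all attempts
}

/// Feed `input` in `chunk`-byte reads (chunk must be > 0), re-parsing the whole
/// buffer after each read. `cap: None` models the unbounded reader; `Some(n)`
/// rejects the handshake once more than `n` bytes are buffered (assumed fix).
pub fn read_handshake(input: &[u8], chunk: usize, cap: Option<usize>) -> Stats {
    let mut buf: Vec<u8> = Vec::new();
    let mut s = Stats { outcome: Outcome::Partial, attempts: 0, bytes_scanned: 0 };
    for piece in input.chunks(chunk) {
        buf.extend_from_slice(piece);
        if cap.map_or(false, |max| buf.len() > max) {
            s.outcome = Outcome::TooLarge; // stop before another full re-parse
            return s;
        }
        s.attempts += 1;
        // Full re-parse from byte 0: look for the end-of-headers marker.
        match buf.windows(4).position(|w| w == b"\r\n\r\n") {
            Some(p) => {
                s.bytes_scanned += p as u64 + 4;
                s.outcome = Outcome::Complete;
                return s;
            }
            None => s.bytes_scanned += buf.len() as u64,
        }
    }
    s
}

/// Constructed sample input: one request with a single `pad`-byte header value.
pub fn sample_request(pad: usize) -> Vec<u8> {
    let mut r = b"GET / HTTP/1.1\r\nX-Pad: ".to_vec();
    r.extend(std::iter::repeat(b'a').take(pad));
    r.extend_from_slice(b"\r\n\r\n");
    r
}

fn main() {
    let req = sample_request(1_000_000);
    for cap in [None, Some(16 * 1024)] {
        let s = read_handshake(&req, 1024, cap);
        println!("cap={:?}: {:?}, {} attempts, {} bytes scanned", cap, s.outcome, s.attempts, s.bytes_scanned);
    }
}
```

Doubling the header length in this model doubles the number of attempts and roughly quadruples the bytes scanned, which is why bounding the buffered handshake size bounds the CPU cost.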

Vulnerable Product

snapview tungstenite

fedoraproject fedora 37

fedoraproject fedora 38

fedoraproject fedora 39

Vendor Advisories

Debian Bug report logs - #1052415 rust-tungstenite: CVE-2023-43669; Package: src:rust-tungstenite; Maintainer for src:rust-tungstenite is Debian Rust Maintainers <pkg-rust-maintainers@alioth-lists.debian.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 21 Sep 2023 17:24:01 UTC; Severity: important ...
A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have led to memory corruption or a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included ...