Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-32650

Published: 19/04/2024 Updated: 19/04/2024

Vulnerability Summary

Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server's `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.

Vendor Advisories

Debian CVElist Bug Report Logs: rust-rustls: CVE-2024-32650
Debian Bug report logs - #1069677 rust-rustls: CVE-2024-32650 Package: src:rust-rustls; Maintainer for src:rust-rustls is Jonas Smedegaard <dr@jonesdk>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Mon, 22 Apr 2024 14:45:01 UTC Severity: grave Tags: security, upstream Reply or subscribe to this bug ...

References

https://github.com/rustls/rustls/security/advisories/GHSA-6g7w-8wpp-frhjhttps://github.com/rustls/rustls/commit/2123576840aa31043a31b0770e6572136fbe0c2dhttps://github.com/rustls/rustls/commit/6e938bcfe82a9da7a2e1cbf10b928c7eca26426ehttps://github.com/rustls/rustls/commit/f45664fbded03d833dffd806503d3c8becd1b71ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069677https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook