Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server's `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-04-19T16:05:44.050Z
Updated: 2024-06-04T17:49:50.274Z
Reserved: 2024-04-16T14:15:26.876Z
Link: CVE-2024-32650
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-04-19T16:15:10.940
Modified: 2024-04-19T16:19:49.043
Link: CVE-2024-32650
JSON object: View
Redhat Information
No data.
CWE