Joseph Birr-Pixton

4 exploits Active since Aug 2019
CVE-2024-32650 WRITEUP HIGH WRITEUP
rustls 0.21.0-0.21.10, 0.22.0-0.22.3, 0.23.0-0.23.4 - Denial of Service via Infinite Loop in complete_io
Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server's `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.
CVSS 7.5
CVE-2024-32650 WRITEUP HIGH WRITEUP
rustls 0.21.0-0.21.10, 0.22.0-0.22.3, 0.23.0-0.23.4 - Denial of Service via Infinite Loop in complete_io
Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server's `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.
CVSS 7.5
CVE-2019-15541 WRITEUP HIGH WRITEUP
rustls < 0.16.0 - Denial of Service via Client Writable State Manipulation
rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable.
CVSS 7.5
CVE-2024-32650 WRITEUP HIGH WRITEUP
rustls 0.21.0-0.21.10, 0.22.0-0.22.3, 0.23.0-0.23.4 - Denial of Service via Infinite Loop in complete_io
Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server's `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.
CVSS 7.5