Description
rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable.
References (3)
Core 3
Core References
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/ctz/rustls/compare/cd66549...17ee52c
Patch, Third Party Advisory x_refsource_misc
https://github.com/ctz/rustls/commit/a93ee1abd2ab19ebe4bf9d684d56637ee54a6074
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/ctz/rustls/issues/285
Scores
CVSS v3
7.5
EPSS
0.0048
EPSS Percentile
65.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-88
Status
published
Products (1)
rustls_project/rustls
< 0.16.0
Published
Aug 26, 2019
Tracked Since
Feb 18, 2026