CVE-2019-15541

HIGH

Rustls < 0.16.0 - Denial of Service

Title source: rule

Description

rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable.

References (3)

[Patch, Third Party Advisory] https://github.com/ctz/rustls/commit/a93ee1abd2ab19ebe4bf9d684d56637ee54a6074

View Patch ZIP pw:eip

[Release Notes, Third Party Advisory] https://github.com/ctz/rustls/compare/cd66549...17ee52c

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/ctz/rustls/issues/285

Scores

CVSS v3 7.5

EPSS 0.0048

EPSS Percentile 64.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-88

Status published

Affected Products (1)

rustls_project/rustls < 0.16.0

Timeline

Published Aug 26, 2019

Tracked Since Feb 18, 2026