Skip to content

Commit

Permalink
fix: fix CVE-2024-32650
Browse files Browse the repository at this point in the history 
Rustls is a modern TLS library written in Rust.
`rustls::ConnectionCommon::complete_io` could fall into an infinite loop based
on network input. When using a blocking rustls server, if a client send a
`close_notify` message immediately after `client_hello`, the server's
`complete_io` will get in an infinite loop. This vulnerability is fixed in
0.23.5, 0.22.4, and 0.21.11.
  • Loading branch information
@hillwoodroc @zonyitoo
hillwoodroc authored and zonyitoo committed Apr 22, 2024
1 parent 8467528 commit ec75237
Showing 1 changed file with 32 additions and 31 deletions.
63 changes: 32 additions & 31 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit ec75237

Please sign in to comment.