Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2024-32650
HistoryApr 19, 2024 - 12:00 a.m.

CVE-2024-32650

2024-04-1900:00:00
ubuntu.com
ubuntu.com
10
cve-2024-32650
rustls
tls library
infinite loop
network input
blocking server
close_notify message
fixed
version 0.23.5
version 0.22.4
version 0.21.11
unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

EPSS

0

Percentile

15.5%

JSON

Rustls is a modern TLS library written in Rust.
rustls::ConnectionCommon::complete_io could fall into an infinite loop
based on network input. When using a blocking rustls server, if a client
send a close_notify message immediately after client_hello, the
server’s complete_io will get in an infinite loop. This vulnerability is
fixed in 0.23.5, 0.22.4, and 0.21.11.

OSVersionArchitecturePackageVersionFilename
ubuntu24.04noarchrust-rustls< anyUNKNOWN

Related

osv 13
cve 1
debiancve 1
openvas 1
nvd 1
vulnrichment 1
github 1
wolfi 1
nessus 1
cvelist 1
cbl_mariner 1
osv
osv
`rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input
2024-04-19 12:00:00
CVE-2024-32650
2024-04-19 16:15:10
tlrc-1.9.2+0-1.1 on GA media
2024-06-15 00:00:00
cve
cve
CVE-2024-32650
2024-04-19 16:15:10
debiancve
debiancve
CVE-2024-32650
2024-04-19 16:15:10
openvas
openvas
openSUSE: Security Advisory for git (openSUSE-SU-2024:0130-1)
2024-05-19 00:00:00
nvd
nvd
CVE-2024-32650
2024-04-19 16:15:10
vulnrichment
vulnrichment
CVE-2024-32650 Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input
2024-04-19 16:05:44
github
github
Denial of Service Vulnerability in Rustls Library
2024-04-19 19:46:57
wolfi
wolfi
CVE-2024-32650 vulnerabilities
2024-10-01 21:13:23
nessus
nessus
openSUSE 15 Security Update : git-cliff (openSUSE-SU-2024:0130-1)
2024-05-21 00:00:00
cvelist
cvelist
CVE-2024-32650 Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input
2024-04-19 16:05:44
cbl_mariner
cbl_mariner
CVE-2024-32650 affecting package kata-containers for versions less than 3.2.0.azl2-3
2024-07-22 15:42:40

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

EPSS

0

Percentile

15.5%

JSON
Related for UB:CVE-2024-32650
osv13cve1debiancve1openvas1nvd1vulnrichment1github1wolfi1nessus1cvelist1cbl_mariner1