MidnightBSD

Advisories for rustls_project

CVE-2019-15541 MEDIUM

rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-88,

Products Affected

Vendor Product Version
rustls_project rustls *
CVE-2024-11738

A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
rustls_project rustls 0.23.13