CVE-2024-32650

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-32650
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32650.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-32650
Aliases
Downstream
Related
Published
2024-04-19T16:05:44Z
Modified
2025-10-30T20:26:24.251048Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input
Details

Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a close_notify message immediately after client_hello, the server's complete_io will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.

Database specific 
{
    "cwe_ids": [
        "CWE-835"
    ]
}
References

Affected packages

Git / github.com/rustls/rustls

Affected ranges

Type
GIT
Repo
https://github.com/rustls/rustls
Events
Introduced
eb0791bc94cfdc4c42f743902a35074ce58ced11
Fixed
14cb5d2eac709f6c9bd46c697f090bb1f1543db1
Database specific 
{
    "versions": [
        {
            "introduced": "0.23.0"
        },
        {
            "fixed": "0.23.5"
        }
    ]
}
Type
GIT
Repo
https://github.com/rustls/rustls
Events
Introduced
4d1b762b5328a1714862ba73ec72d5522fe0c049
Fixed
ae277befb5061bbd4c44fea1c2697f2da5b2f6fa
Database specific 
{
    "versions": [
        {
            "introduced": "0.22.0"
        },
        {
            "fixed": "0.22.4"
        }
    ]
}
Type
GIT
Repo
https://github.com/rustls/rustls
Events
Introduced
45197b807cf0699c842fcb85eb8eca555c74cc04
Fixed
7b8d1dbc1e666dc4d83640c64e96d257d39cfda4
Database specific 
{
    "versions": [
        {
            "introduced": "0.21.0"
        },
        {
            "fixed": "0.21.11"
        }
    ]
}
Type
GIT
Repo
https://github.com/rustls/rustls
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bc754a4fbb586beb7b1dfce38ab880fd90c0e422
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "= 0.20.0"
        }
    ]
}

Affected versions

rustls-post-quantum-v/0.*

rustls-post-quantum-v/0.1.0

v/0.*

v/0.1.0
v/0.1.1
v/0.1.2
v/0.10.0
v/0.11.0
v/0.12.0
v/0.13.0
v/0.14.0
v/0.15.0
v/0.15.1
v/0.15.2
v/0.16.0
v/0.17.0
v/0.18.0
v/0.18.1
v/0.19.0
v/0.20.0
v/0.20.0-beta1
v/0.20.0-beta2
v/0.21.0
v/0.21.1
v/0.21.10
v/0.21.2
v/0.21.3
v/0.21.4
v/0.21.5
v/0.21.6
v/0.21.7
v/0.21.8
v/0.21.9
v/0.22.0
v/0.22.1
v/0.22.2
v/0.22.3
v/0.23.0
v/0.23.1
v/0.23.2
v/0.23.3
v/0.23.4
v/0.5.0
v/0.5.1
v/0.5.2
v/0.5.3
v/0.5.4
v/0.5.5
v/0.5.6
v/0.5.7
v/0.5.8
v/0.6.0
v/0.7.0
v/0.8.0
v/0.9.0