CVE-2024-32650

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-32650

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32650.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-32650

Aliases

Related

Published

2024-04-19T16:15:10Z

Modified

2024-10-12T11:23:20.508362Z

Summary

[none]

Details

Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a close_notify message immediately after client_hello, the server's complete_io will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.

References

Affected packages

Debian:12 / rust-rustls

Package

Name: rust-rustls
Purl: pkg:deb/debian/rust-rustls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.20.8-4

0.20.8-4.1

0.20.8-4.2

0.21.5-1

0.21.5-2

0.21.5-3

0.21.5-4

0.21.5-5

0.21.6-1

0.21.6-2

0.21.6-3

0.21.6-4

0.21.7-1

0.21.8-1

0.21.8-2

0.21.8-3

0.21.8-3.1

0.21.9-1

0.21.10-1

0.21.12-1

0.21.12-2

0.21.12-3

0.21.12-4

0.21.12-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rust-rustls

Package

Name: rust-rustls
Purl: pkg:deb/debian/rust-rustls?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.21.12-1

Affected versions

0.*

0.20.8-4

0.20.8-4.1

0.20.8-4.2

0.21.5-1

0.21.5-2

0.21.5-3

0.21.5-4

0.21.5-5

0.21.6-1

0.21.6-2

0.21.6-3

0.21.6-4

0.21.7-1

0.21.8-1

0.21.8-2

0.21.8-3

0.21.8-3.1

0.21.9-1

0.21.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/rustls/rustls

Affected ranges

Type: GIT
Repo: https://github.com/rustls/rustls
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2123576840aa31043a31b0770e6572136fbe0c2d

Fixed

6e938bcfe82a9da7a2e1cbf10b928c7eca26426e

Fixed

f45664fbded03d833dffd806503d3c8becd1b71e

Affected versions

rustls-post-quantum-v/0.*

rustls-post-quantum-v/0.1.0

v/0.*

v/0.1.0

v/0.1.1

v/0.1.2

v/0.10.0

v/0.11.0

v/0.12.0

v/0.13.0

v/0.14.0

v/0.15.0

v/0.15.1

v/0.15.2

v/0.16.0

v/0.17.0

v/0.18.0

v/0.18.1

v/0.19.0

v/0.20.0

v/0.20.0-beta1

v/0.20.0-beta2

v/0.20.1

v/0.20.2

v/0.20.3

v/0.20.4

v/0.20.5

v/0.20.6

v/0.20.7

v/0.20.8

v/0.21.0

v/0.21.0-alpha.1

v/0.21.1

v/0.21.2

v/0.22.0

v/0.23.0

v/0.23.1

v/0.23.2

v/0.23.3

v/0.23.4

v/0.5.0

v/0.5.1

v/0.5.2

v/0.5.3

v/0.5.4

v/0.5.5

v/0.5.6

v/0.5.7

v/0.5.8

v/0.6.0

v/0.7.0

v/0.8.0

v/0.9.0