DEBIAN-CVE-2024-32650
- Source
- https://security-tracker.debian.org/tracker/CVE-2024-32650
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-32650.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-32650
- Upstream
- Published
- 2024-04-19T16:15:10Z
- Modified
- 2025-10-10T19:30:44.356424Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Rustls is a modern TLS library written in Rust.
rustls::ConnectionCommon::complete_iocould fall into an infinite loop based on network input. When using a blocking rustls server, if a client send aclose_notifymessage immediately afterclient_hello, the server'scomplete_iowill get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11. - References
Affected packages
Debian:12 / rust-rustls
Package
- Name
- rust-rustls
- Purl
- pkg:deb/debian/rust-rustls?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.20.8-4
0.20.8-4.1
0.20.8-4.2
0.21.5-1
0.21.5-2
0.21.5-3
0.21.5-4
0.21.5-5
0.21.6-1
0.21.6-2
0.21.6-3
0.21.6-4
0.21.7-1
0.21.8-1
0.21.8-2
0.21.8-3
0.21.8-3.1
0.21.9-1
0.21.10-1
0.21.12-1
0.21.12-2
0.21.12-3
0.21.12-4
0.21.12-5
0.21.12-6
0.21.12-7
0.21.12-8
0.21.12-9
0.23.16-1
0.23.20+ds-1
0.23.20+ds-2
0.23.20+ds-3
0.23.20+ds-4
0.23.20+ds-5
0.23.20+ds-6
0.23.20+ds-7
0.23.20+ds-8
0.23.20+ds-9
0.23.20+ds-10
0.23.25+ds-1
0.23.26+ds-1
0.23.31+ds-1
0.23.31+ds-2
0.23.31+ds-3
0.23.31+ds-4
0.23.31+ds-5
0.23.31+ds-6
0.23.31+ds-7
0.23.32+ds-1
0.23.32+ds-2
Debian:13 / rust-rustls
Package
- Name
- rust-rustls
- Purl
- pkg:deb/debian/rust-rustls?arch=source
Debian:14 / rust-rustls
Package
- Name
- rust-rustls
- Purl
- pkg:deb/debian/rust-rustls?arch=source