Skip to content

Commit ec75237

Browse files
hillwoodroczonyitoo
hillwoodroc
authored and
zonyitoo
committed
fix: fix CVE-2024-32650
Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server's `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.
1 parent 8467528 commit ec75237

File tree

1 file changed

+32
-31
lines changed

1 file changed

+32
-31
lines changed

Cargo.lock

Lines changed: 32 additions & 31 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)