rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input
| Details | |
|---|---|
| Package | rustls |
| Version | 0.20.9 |
| URL | GHSA-6g7w-8wpp-frhj |
| Date | 2024-04-19 |
| Patched versions | `>=0.23.5` or `>=0.22.4, <0.23.0` or `>=0.21.11, <0.22.0` |

If a `close_notify` alert is received during a handshake, `complete_io` does not terminate.

Callers which do not call `complete_io` are not affected.

`rustls-tokio` and `rustls-ffi` do not call `complete_io` and are not affected.

`rustls::Stream` and `rustls::StreamOwned` types use `complete_io` and are affected.

See advisory page for additional details.
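
To check a project against the patched ranges above, the following added example (not code from the advisory or the rustls project) scans `Cargo.lock` text and reports every `rustls` entry whose version is outside those ranges. The helper names and the sample lockfile are constructed for illustration; a reported version only matters if the code path actually calls `complete_io`, for example through `rustls::Stream` or `rustls::StreamOwned`.

```rust
// Added example, not rustls project code. SAMPLE_LOCK is constructed input.
const SAMPLE_LOCK: &str = r#"version = 3
[[package]]
name = "rustls"
version = "0.20.9"
[[package]]
name = "rustls-webpki"
version = "0.101.7"
[[package]]
name = "rustls"
version = "0.23.5"
"#;

// Value of a `key = "value"` line, or None for any other line.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?;
    rest.trim().strip_prefix('"')?.strip_suffix('"')
}

// MAJOR.MINOR.PATCH; pre-release versions return None and get reported.
fn parse_version(s: &str) -> Option<(u64, u64, u64)> {
    let core = s.split('+').next()?; // build metadata does not affect ordering
    let p = core.split('.').map(|x| x.parse().ok()).collect::<Option<Vec<u64>>>()?;
    if p.len() == 3 { Some((p[0], p[1], p[2])) } else { None }
}

// Patched ranges as listed in the advisory.
fn is_patched(v: (u64, u64, u64)) -> bool {
    v >= (0, 23, 5)
        || (v >= (0, 22, 4) && v < (0, 23, 0))
        || (v >= (0, 21, 11) && v < (0, 22, 0))
}

// Versions of every `rustls` package in the lockfile outside a patched range.
fn unpatched_rustls(lock: &str) -> Vec<String> {
    let (mut out, mut is_rustls) = (Vec::new(), false);
    for line in lock.lines().map(str::trim) {
        if let Some(name) = field(line, "name") {
            is_rustls = name == "rustls";
        } else if let Some(ver) = field(line, "version") {
            if is_rustls && !parse_version(ver).map_or(false, is_patched) {
                out.push(ver.to_string());
            }
        }
    }
    out
}
fn main() {
    println!("outside patched ranges: {:?}", unpatched_rustls(SAMPLE_LOCK));
}
```
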