CVE-2024-32650

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-32650
Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server's `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/rustls/rustls/commit/2123576840aa31043a31b0770e6572136fbe0c2d
https://github.com/rustls/rustls/commit/6e938bcfe82a9da7a2e1cbf10b928c7eca26426e
https://github.com/rustls/rustls/commit/f45664fbded03d833dffd806503d3c8becd1b71e
https://github.com/rustls/rustls/security/advisories/GHSA-6g7w-8wpp-frhj
https://github.com/rustls/rustls/commit/2123576840aa31043a31b0770e6572136fbe0c2d
https://github.com/rustls/rustls/commit/6e938bcfe82a9da7a2e1cbf10b928c7eca26426e
https://github.com/rustls/rustls/commit/f45664fbded03d833dffd806503d3c8becd1b71e
https://github.com/rustls/rustls/security/advisories/GHSA-6g7w-8wpp-frhj
Configurations

No configuration.

History

21 Nov 2024, 09:15

Type Values Removed Values Added
Summary
  • (es) Rustls es una librería TLS moderna escrita en Rust. `rustls::ConnectionCommon::complete_io` podría caer en un bucle infinito basado en la entrada de la red. Cuando se utiliza un servidor Rustls de bloqueo, si un cliente envía un mensaje `close_notify` inmediatamente después de `client_hello`, el `complete_io` del servidor entrará en un bucle infinito. Esta vulnerabilidad se solucionó en 0.23.5, 0.22.4 y 0.21.11.
References () https://github.com/rustls/rustls/commit/2123576840aa31043a31b0770e6572136fbe0c2d - () https://github.com/rustls/rustls/commit/2123576840aa31043a31b0770e6572136fbe0c2d -
References () https://github.com/rustls/rustls/commit/6e938bcfe82a9da7a2e1cbf10b928c7eca26426e - () https://github.com/rustls/rustls/commit/6e938bcfe82a9da7a2e1cbf10b928c7eca26426e -
References () https://github.com/rustls/rustls/commit/f45664fbded03d833dffd806503d3c8becd1b71e - () https://github.com/rustls/rustls/commit/f45664fbded03d833dffd806503d3c8becd1b71e -
References () https://github.com/rustls/rustls/security/advisories/GHSA-6g7w-8wpp-frhj - () https://github.com/rustls/rustls/security/advisories/GHSA-6g7w-8wpp-frhj -

19 Apr 2024, 16:19

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-19 16:15

Updated : 2024-11-21 09:15

NVD link : CVE-2024-32650

Mitre link : CVE-2024-32650

CVE.ORG link : CVE-2024-32650

JSON object : View

Products Affected

No product.

CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024