GHSA-2jfv-g3fh-xq3v
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2jfv-g3fh-xq3v
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-2jfv-g3fh-xq3v/GHSA-2jfv-g3fh-xq3v.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-2jfv-g3fh-xq3v
- Aliases
-
- CVE-2020-35875
- RUSTSEC-2020-0019
- Published
- 2021-08-25T20:46:54Z
- Modified
- 2023-11-08T04:03:36.949759Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Excessive memory usage in tokio-rustls
- Details
-
tokio-rustls does not call processnewpackets immediately after read, so the expected termination condition wants_read always returns true. As long as new incoming data arrives faster than it is processed and the reader does not return pending, data will be buffered. This may cause DoS.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-400" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-08-19T21:19:01Z" }- References
Affected packages
crates.io / tokio-rustls
Package
- Name
- tokio-rustls
- View open source insights on deps.dev
- Purl
- pkg:cargo/tokio-rustls
crates.io / tokio-rustls
Package
- Name
- tokio-rustls
- View open source insights on deps.dev
- Purl
- pkg:cargo/tokio-rustls