Описание
Excessive memory usage in tokio-rustls
tokio-rustls does not call process_new_packets immediately after read, so the expected termination condition wants_read always returns true. As long as new incoming data arrives faster than it is processed and the reader does not return pending, data will be buffered. This may cause DoS.
Пакеты
Наименование
tokio-rustls
rust
Затронутые версииВерсия исправления
>= 0.12.0, < 0.12.3
0.12.3
Наименование
tokio-rustls
rust
Затронутые версииВерсия исправления
>= 0.13.0, < 0.13.1
0.13.1
Связанные уязвимости
CVSS3: 7.5
ubuntu
около 5 лет назад
An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly.
CVSS3: 7.5
nvd
около 5 лет назад
An issue was discovered in the tokio-rustls crate before 0.13.1 for Rust. Excessive memory usage may occur when data arrives quickly.