cdk-from-cfn icon indicating copy to clipboard operation
cdk-from-cfn copied to clipboard

Published 20 hours ago verified publisher icon cdklabs

RUSTSEC-2024-0336: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input

Open cdklabs-automation opened this issue 9 months ago • 0 comments

rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input

Details
Package rustls
Version 0.21.9
URL https://github.com/rustls/rustls/security/advisories/GHSA-6g7w-8wpp-frhj
Date 2024-04-19
Patched versions >=0.23.5,>=0.22.4, <0.23.0,>=0.21.11, <0.22.0

If a close_notify alert is received during a handshake, complete_io does not terminate.

Callers which do not call complete_io are not affected.

rustls-tokio and rustls-ffi do not call complete_io and are not affected.

rustls::Stream and rustls::StreamOwned types use complete_io and are affected.

See advisory page for additional details.

cdklabs-automation avatar May 11 '24 00:05 cdklabs-automation