You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
rustls
About this tag
Rustls, the memory-safe TLS library written in Rust, has been found to contain a denial-of-service vulnerability. Under a specific handshake sequence, a blocking rustls server can enter an infinite loop inside rustls::conn::ConnectionCommon::complete_io(), consuming CPU and preventing normal connections. This design flaw affects high-availability systems and requires immediate patching. Operators using rustls in blocking server code should prioritize updates and mitigations to avoid service disruption.
Rustls—the widely used, memory-safe TLS library written in Rust—contains a denial‑of‑service design flaw: under a specific, easily reproducible handshake sequence a blocking rustls server can enter an infinite loop inside rustls::conn::ConnectionCommon::complete_io(), consuming CPU and...