CVE-2019-15541 — Argument Injection in Project Rustls

CWE-88 — Argument Injection2 documents2 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 34.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rustls Project Rustls

Timeline

PublishedAug 26

Latest updateMay 24

Description

rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDrustls_project/rustls< 0.16.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-888v-c6vc-wh7r: rustls-mio/examples/tlsserver↗2022-05-24

▶