CVE-2024-11738Uncaught Exception in Project Rustls

CWE-248Uncaught Exception8 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 48.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Rustls Project RustlsDebian Rust-rustlsMsrc Azl3 Rust 1.75.0-14 ON Azure Linux 3.0+2 more
Timeline
PublishedDec 6
Latest updateApr 17

Description

A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

crates.iorustls_project/rustls0.23.00.23.0+1

🔴Vulnerability Details

4
VulDB
rustls up to 0.23.17 Acceptor::accept denial of service (GHSA-qg5g-gv98-5ffh / Nessus ID 306681)2026-04-17
OSV
CVE-2024-11738: A flaw was found in Rustls 02024-12-06
OSV
rustls network-reachable panic in `Acceptor::accept`2024-11-25
OSV
rustls network-reachable panic in `Acceptor::accept`2024-11-22

📋Vendor Advisories

3
Microsoft
Rustls: rustls network-reachable panic in `acceptor::accept`2024-12-10
Red Hat
rustls: rustls network-reachable panic in `Acceptor::accept`2024-11-25
Debian
CVE-2024-11738: rust-rustls - A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows d...2024
CVE-2024-11738 — Uncaught Exception in Project Rustls | cvebase