Rustls Project Rustls vulnerabilities
3 known vulnerabilities affecting rustls_project/rustls.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3
Vulnerabilities
CVE-2024-11738 | HIGH | CVSS 7.5 | CWE-248 | v0.23.13 | 2024-12-06
A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.
Sources: nvd, osv
CVE-2024-32650 | HIGH | CWE-835 | ≥ 0.23.0, < 0.23.5; ≥ 0.22.0, < 0.22.4; +1 more | 2024-04-19
Denial of Service Vulnerability in Rustls Library
### Summary
`rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input.
### Details
Verified at `0.22` and `0.23` `rustls`, but `0.21` and `0.20` release lines are also affected. `tokio-rustls` and `rustls-ffi` do not call `complete_io` and are not affected. `rustls::Stream` and `rustls::StreamOwned` types use `complete_io` and
Sources: ghsa, osv
CVE-2019-15541 | HIGH | CVSS 7.5 | CWE-88 | fixed in 0.16.0 | 2019-08-26
rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable.
Sources: nvd