PT-2023-32554 · Unknown · Tokio-Boring

Ehaydenr

Publicado

2023-12-05

Atualizado

2023-12-12

CVE-2023-6180

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions tokio-boring version 4.0.0

Description The issue is related to a memory leak that can cause excessive resource consumption and potentially lead to a Denial of Service (DoS) by resource exhaustion. This occurs because the set ex data function, used by the library, fails to deallocate memory used by pre-existing data after completing a TLS connection, resulting in increased resource consumption with each new connection.

Recommendations For tokio-boring version 4.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Resource Release

Memory Leak

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-404CWE-401CWE-400

Identificadores relacionados

CVE-2023-6180

GHSA-PJRJ-H4FG-6GM4

Produtos afetados

Tokio-Boring

PT-2023-32554 · Unknown · Tokio-Boring

CVE-2023-6180

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7