
Jjfiv

#36029 of 53,632
7.5 Total CVSS
Vulnerabilities · 1
PT-2024-24744
7.5
2024-04-19
Rustls · Rustls · CVE-2024-32650
**Name of the Vulnerable Software and Affected Versions**

- rustls versions prior to 0.21.11
- rustls versions prior to 0.22.4
- rustls versions prior to 0.23.5

**Description**

The `rustls::ConnectionCommon::complete_io` function could fall into an infinite loop driven by network input. When using a blocking rustls server, if a client sends a `close_notify` alert immediately after its `client_hello`, the server's call to `complete_io` never returns. This can be exploited for denial of service (DoS): a multithreaded, non-async server built on `rustls` can be taken down by a handful of such connections, since each one pins the worker thread serving it in the loop until no threads remain to handle normal requests.

**Recommendations**

- For versions prior to 0.21.11, update to version 0.21.11 or later.
- For versions prior to 0.22.4, update to version 0.22.4 or later.
- For versions prior to 0.23.5, update to version 0.23.5 or later.

If you cannot upgrade immediately, keep the `complete_io` code path away from untrusted clients. The blocking `rustls::Stream` and `rustls::StreamOwned` wrappers call `complete_io` internally, so restrict their use on untrusted connections until the fixed version is deployed; upgrading is the only complete fix.
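As an added illustration (not rustls code and not part of the original advisory), the following Rust program parses the plaintext TLS records a client sends at the start of a connection and flags the exact sequence described above: a handshake record carrying a ClientHello immediately followed by an alert record carrying close_notify. The record layout it relies on (5-byte header, handshake type 1 for ClientHello, alert description 0 for close_notify) is standard TLS; the sample bytes are constructed here, and the ClientHello body is a deliberately abbreviated stand-in. Such a check is useful on captured traffic, or as a pre-filter in front of a blocking server while the upgrade is rolled out.

```rust
//! Added example (not rustls code): flag a client that sends close_notify
//! straight after its ClientHello, the network input behind CVE-2024-32650.

const CONTENT_TYPE_ALERT: u8 = 21;
const CONTENT_TYPE_HANDSHAKE: u8 = 22;
const HANDSHAKE_CLIENT_HELLO: u8 = 1;
const ALERT_CLOSE_NOTIFY: u8 = 0;
/// TLS plaintext limit plus the 256-byte expansion allowance for encrypted records.
const MAX_RECORD_LEN: usize = 16_384 + 256;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Record {
    ClientHello,
    OtherHandshake(u8),
    CloseNotify,
    OtherAlert { level: u8, description: u8 },
    Other(u8),
}

#[derive(Debug, PartialEq, Eq)]
pub enum ParseError {
    /// Input ended in the middle of a record header or body.
    Truncated,
    /// Handshake or alert record whose body is too short to classify.
    Malformed,
    /// Length field exceeds what any TLS record may carry.
    OversizedRecord(usize),
}

/// Split a byte stream into TLS records (5-byte header: content type,
/// legacy version, big-endian length) and classify each one.
pub fn parse_records(mut input: &[u8]) -> Result<Vec<Record>, ParseError> {
    let mut out = Vec::new();
    while !input.is_empty() {
        if input.len() < 5 {
            return Err(ParseError::Truncated);
        }
        let content_type = input[0];
        let len = u16::from_be_bytes([input[3], input[4]]) as usize;
        if len > MAX_RECORD_LEN {
            return Err(ParseError::OversizedRecord(len));
        }
        let body = input.get(5..5 + len).ok_or(ParseError::Truncated)?;
        let record = match content_type {
            CONTENT_TYPE_HANDSHAKE => match body.first() {
                Some(&HANDSHAKE_CLIENT_HELLO) => Record::ClientHello,
                Some(&other) => Record::OtherHandshake(other),
                None => return Err(ParseError::Malformed),
            },
            // A plaintext alert body is exactly two bytes: level, description.
            CONTENT_TYPE_ALERT => match body {
                [_, ALERT_CLOSE_NOTIFY, ..] => Record::CloseNotify,
                [level, description, ..] => Record::OtherAlert {
                    level: *level,
                    description: *description,
                },
                _ => return Err(ParseError::Malformed),
            },
            other => Record::Other(other),
        };
        out.push(record);
        input = &input[5 + len..];
    }
    Ok(out)
}

/// True when a ClientHello is directly followed by close_notify: the client
/// opened a handshake and immediately abandoned it.
pub fn is_hello_then_close(records: &[Record]) -> bool {
    records
        .windows(2)
        .any(|pair| pair[0] == Record::ClientHello && pair[1] == Record::CloseNotify)
}

/// Build one TLS record (legacy version 0x0303) around `body`.
pub fn encode_record(content_type: u8, body: &[u8]) -> Vec<u8> {
    let mut rec = vec![content_type, 0x03, 0x03];
    rec.extend_from_slice(&(body.len() as u16).to_be_bytes());
    rec.extend_from_slice(body);
    rec
}

/// Constructed sample input: an abbreviated ClientHello followed by a
/// warning-level close_notify. The hello body is a stand-in, not a real one.
pub fn sample_hello_then_close() -> Vec<u8> {
    // Handshake header: type=client_hello, 24-bit length, then two body bytes.
    let hello = [HANDSHAKE_CLIENT_HELLO, 0x00, 0x00, 0x02, 0x03, 0x03];
    let mut bytes = encode_record(CONTENT_TYPE_HANDSHAKE, &hello);
    bytes.extend(encode_record(CONTENT_TYPE_ALERT, &[0x01, ALERT_CLOSE_NOTIFY]));
    bytes
}

fn main() {
    match parse_records(&sample_hello_then_close()) {
        Ok(records) => println!(
            "records: {:?}; hello-then-close pattern: {}",
            records,
            is_hello_then_close(&records)
        ),
        Err(err) => println!("unparseable input: {:?}", err),
    }
}
```

Only plaintext records are classified, which is sufficient here: a client that aborts right after ClientHello has no traffic keys yet, so its alert is unencrypted in both TLS 1.2 and TLS 1.3. Truncated, undersized and oversized records are rejected rather than guessed at, so the parser itself cannot be spun on malformed input.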