
Mpilquist

Researcher from Typelevel
#48086 of 53,622
5.3 Total CVSS
Vulnerabilities · 1
PT-2025-36337
5.3
2025-09-05
Fs2-Io · Fs2-Io · CVE-2025-58369
**Name of the Vulnerable Software and Affected Versions**

fs2 versions 3.12.2 and lower

fs2 versions 3.13.0-M1 through 3.13.0-M6

**Description**

fs2, a compositional, streaming I/O library for Scala, is susceptible to denial of service attacks through TLS sessions when using `fs2-io` on the JVM with the `fs2.io.net.tls` package. During TLS handshake establishment, if one side closes the `write` stream while the peer is awaiting further data, the peer can enter a CPU spin loop on socket read, consuming CPU resources until the connection closes. This can potentially disrupt an `fs2-io` powered server.

**Recommendations**

Upgrade to fs2 version 3.12.1 or later.

Upgrade to fs2 version 3.13.0-M7 or later.