PT-2020-17507 · Tokio · Tokio-Rustls

Published: 2020-05-19 · Updated: 2021-08-25 · CVE-2020-35875

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: tokio-rustls versions prior to 0.13.1

Description: The issue is excessive memory usage that can occur when data arrives quickly. tokio-rustls does not call process_new_packets() immediately after each read, so the read loop's expected termination condition, wants_read(), keeps returning true. As a result, incoming data is buffered for as long as it arrives faster than it is processed and the reader does not return Poll::Pending. This can cause a Denial of Service (DoS).

Recommendations: For versions prior to 0.13.1, update to version 0.13.1 or later to resolve the issue. As a temporary workaround, consider limiting the rate of incoming data to prevent excessive buffering.
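The following is an added illustration of the read-loop defect described above; it is not tokio-rustls or rustls code. ToySession, FastReader and the Poll enum are simplified stand-ins written for this example: read_tls() only buffers bytes, process_new_packets() converts everything buffered into plaintext, and wants_read() is true while no plaintext is pending, which is the property the vulnerable loop relied on. Each read function returns the peak number of unprocessed bytes the session held, so the two loop shapes can be compared on the same constructed input.

```rust
// Added illustration only: a toy model of the read loop in the advisory.
// Not tokio-rustls or rustls code; method names mimic the rustls session API.

/// Stand-in for std::task::Poll without the async machinery.
enum Poll {
    Ready(usize),
    Pending,
}

/// Toy session exposing the three operations the read loop depends on.
struct ToySession {
    unprocessed: usize,      // bytes accepted by read_tls but not yet processed
    plaintext: usize,        // decrypted bytes waiting for the application
    peak_unprocessed: usize, // high-water mark of the unprocessed buffer
}

impl ToySession {
    fn new() -> Self {
        ToySession { unprocessed: 0, plaintext: 0, peak_unprocessed: 0 }
    }

    /// Buffer raw TLS bytes; nothing is decrypted here.
    fn read_tls(&mut self, chunk: &[u8]) -> usize {
        self.unprocessed += chunk.len();
        self.peak_unprocessed = self.peak_unprocessed.max(self.unprocessed);
        chunk.len()
    }

    /// Turn every buffered record into plaintext (1:1 in this toy).
    fn process_new_packets(&mut self) {
        self.plaintext += self.unprocessed;
        self.unprocessed = 0;
    }

    /// True while there is no plaintext for the application to consume.
    fn wants_read(&self) -> bool {
        self.plaintext == 0
    }
}

/// Simulated socket: hands out one chunk per poll, then reports Pending.
struct FastReader {
    chunks: Vec<Vec<u8>>,
    next: usize,
}

impl FastReader {
    fn poll_read(&mut self, session: &mut ToySession) -> Poll {
        match self.chunks.get(self.next) {
            Some(chunk) => {
                self.next += 1;
                Poll::Ready(session.read_tls(chunk))
            }
            None => Poll::Pending,
        }
    }
}

/// Loop shaped like the pre-0.13.1 pattern: keep reading while wants_read()
/// holds and only process packets once the socket returns Pending.
/// Returns the peak number of unprocessed bytes the session held.
fn vulnerable_read(session: &mut ToySession, reader: &mut FastReader) -> usize {
    while session.wants_read() {
        match reader.poll_read(session) {
            Poll::Ready(_) => {}
            Poll::Pending => break,
        }
    }
    session.process_new_packets();
    session.peak_unprocessed
}

/// Fixed pattern: process packets right after each successful read, so
/// wants_read() flips to false as soon as plaintext exists and buffering
/// stays bounded by a single read.
fn fixed_read(session: &mut ToySession, reader: &mut FastReader) -> usize {
    while session.wants_read() {
        match reader.poll_read(session) {
            Poll::Ready(_) => session.process_new_packets(),
            Poll::Pending => break,
        }
    }
    session.peak_unprocessed
}

/// Constructed input: `n` chunks of `size` bytes arriving back to back.
fn fast_input(n: usize, size: usize) -> FastReader {
    FastReader { chunks: vec![vec![0x17u8; size]; n], next: 0 }
}

fn main() {
    let mut vuln = ToySession::new();
    let peak_v = vulnerable_read(&mut vuln, &mut fast_input(1000, 1024));
    let mut fixed = ToySession::new();
    let peak_f = fixed_read(&mut fixed, &mut fast_input(1000, 1024));
    println!("vulnerable loop peak buffered: {} bytes", peak_v);
    println!("fixed loop peak buffered:      {} bytes", peak_f);
}
```

With 1000 chunks of 1024 bytes, the vulnerable loop holds all 1,024,000 bytes before processing any of them, while the fixed loop never holds more than one chunk; the difference grows without bound as the sender keeps the socket from returning Pending, which is the memory-exhaustion condition the advisory describes.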

Fix

Weakness Enumeration

Resource Exhaustion

Related Identifiers

CVE-2020-35875
GHSA-2JFV-G3FH-XQ3V
RUSTSEC-2020-0019

Affected Products

Tokio-Rustls