CVE-2023-43669

Name of the Vulnerable Software and Affected Versions Tungstenite crate versions prior to 0.20.1

Description The issue allows remote attackers to cause a denial of service, resulting in minutes of CPU consumption, via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted and the average amount of data for each parse attempt.

Recommendations For versions prior to 0.20.1, update to version 0.20.1 or later to resolve the issue. As a temporary workaround, consider restricting the length of HTTP headers in client handshakes to prevent excessive CPU consumption.