PT-2023-32554 · Unknown · Tokio-Boring

Ehaydenr +1 · Published 2023-12-05 · Updated 2023-12-12 · CVE-2023-6180

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

tokio-boring version 4.0.0

Description

The issue is a memory leak that can cause excessive resource consumption and potentially lead to a Denial of Service (DoS) by resource exhaustion. The set_ex_data function used by the library fails to deallocate the memory held by pre-existing data after a TLS connection completes, so resource consumption grows with each new connection.

Recommendations

For tokio-boring version 4.0.0, there is currently no information about a newer version that contains a fix for this vulnerability.

Improper Resource Release

Memory Leak

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2023-6180
GHSA-PJRJ-H4FG-6GM4

Affected Products

Tokio-Boring