Name of the Vulnerable Software and Affected Versions rustls version 0.23.13

Description A bug in rustls leads to a panic if the received TLS ClientHello is fragmented. This issue affects servers using rustls::server::Acceptor::accept() and tokio-rustls's LazyConfigAcceptor API, but not those using tokio-rustls's TlsAcceptor API or other unaffected APIs. Servers using rustls-ffi's rustls acceptor accept API are also affected.

Recommendations For rustls version 0.23.13, consider updating to a newer version to resolve the issue. As a temporary workaround, consider avoiding the use of rustls::server::Acceptor::accept() and tokio-rustls's LazyConfigAcceptor API until a patch is available. Restrict access to the rustls-ffi's rustls acceptor accept API to minimize the risk of exploitation.