Untriaged
Rustls: rustls network-reachable panic in `acceptor::accept`
A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.
Affected products
rustls
- <0.23.18
rhtas/tuffer-rhel9
rhtas/tuftool-rhel9
Matching in nixpkgs
pkgs.rustls-ffi
C-to-rustls bindings
-
nixos-unstable -
- nixpkgs-unstable 0.15.0
pkgs.rustls-libssl
Partial reimplementation of the OpenSSL 3 libssl ABI using rustls
-
nixos-unstable -
- nixpkgs-unstable 0.2.1
Package maintainers
-
@LeSuisse Thomas Gerbet <thomas@gerbet.me>
-
@stephank Stéphan Kochen <nix@stephank.nl>
-
@cpu Daniel McCarney <daniel@binaryparadox.net>