Untriaged
CVE-2024-11738
5.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): LOW
Rustls: rustls network-reachable panic in `acceptor::accept`
A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.
References
- https://access.redhat.com/security/cve/CVE-2024-11738 (Red Hat CVE entry)
- RHBZ#2328732 (Red Hat Bugzilla issue)
- https://github.com/advisories/GHSA-qg5g-gv98-5ffh
- https://github.com/rustls/rustls
- https://github.com/rustls/rustls/issues/2227
- https://rustsec.org/advisories/RUSTSEC-2024-0399.html
Affected products
rustls
- <0.23.18
rhtas/tuffer-rhel9
rhtas/tuftool-rhel9
Matching in nixpkgs
- pkgs.rustls-ffi (C-to-rustls bindings): nixos-unstable -, nixpkgs-unstable 0.15.0
- pkgs.rustls-libssl (Partial reimplementation of the OpenSSL 3 libssl ABI using rustls): nixos-unstable -, nixpkgs-unstable 0.2.1
Package maintainers
- @LeSuisse Thomas Gerbet <thomas@gerbet.me>
- @stephank Stéphan Kochen <nix@stephank.nl>
- @cpu Daniel McCarney <daniel@binaryparadox.net>