- Reported
- Issued
- Package: rustls (crates.io)
- Type: Vulnerability
- Categories
- References
- Patched
- Unaffected
Description
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use `rustls::server::Acceptor::accept()` are affected.

Servers that use tokio-rustls's `LazyConfigAcceptor` API are affected.

Servers that use tokio-rustls's `TlsAcceptor` API are not affected.

Servers that use rustls-ffi's `rustls_acceptor_accept` API are affected.
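
A triage helper for the exposure conditions listed above, added here as an example and not part of the advisory or the rustls project: it reads rustls versions from Cargo.lock text and looks for the affected entry-point identifiers in source text. The function names, the sample inputs and the `patched` parameter (the page does not state the fixed release) are assumptions; identifier matching is a heuristic and does not resolve types.

```rust
// Added triage example; not code from the advisory or from rustls.
// Heuristic: matches whole identifiers only, so `TlsAcceptor` is not a hit.

/// Parse "major.minor.patch", ignoring any pre-release or build suffix.
fn parse_version(s: &str) -> Option<(u64, u64, u64)> {
    let core = s.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((parts.next()??, parts.next()??, parts.next()??))
}

/// Versions of every `rustls` package entry found in Cargo.lock text.
fn rustls_versions(lock: &str) -> Vec<String> {
    lock.split("[[package]]")
        .filter(|b| b.lines().any(|l| l.trim() == "name = \"rustls\""))
        .flat_map(|b| b.lines())
        .filter_map(|l| l.trim().strip_prefix("version = \""))
        .map(|v| v.trim_end_matches('"').to_string())
        .collect()
}

/// True at or after 0.23.13, where the advisory says the bug was introduced.
/// `patched` is the first fixed release, supplied by the caller because the
/// page does not state it; `None` treats every later version as affected.
fn in_affected_range(v: &str, patched: Option<(u64, u64, u64)>) -> bool {
    parse_version(v).map_or(false, |ver| {
        ver >= (0, 23, 13) && patched.map_or(true, |p| ver < p)
    })
}

/// Affected entry points named in the advisory that occur in `src`.
fn affected_identifiers(src: &str) -> Vec<&'static str> {
    const NAMES: [&str; 3] = ["Acceptor", "LazyConfigAcceptor", "rustls_acceptor_accept"];
    let tokens: Vec<&str> = src.split(|c: char| !(c.is_alphanumeric() || c == '_')).collect();
    NAMES.iter().copied().filter(|n| tokens.contains(n)).collect()
}

fn main() {
    // Constructed sample inputs, not taken from any real project.
    let lock = "[[package]]\nname = \"rustls\"\nversion = \"0.23.14\"\n";
    let src = "use tokio_rustls::LazyConfigAcceptor;\nlet a = TlsAcceptor::from(cfg);";
    for v in rustls_versions(lock) {
        println!("rustls {v}: in affected range = {}", in_affected_range(&v, None));
    }
    println!("affected identifiers: {:?}", affected_identifiers(src));
}
```

A project is exposed only when both checks hit: a rustls version in the affected range and one of the listed entry points in server code.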
Advisory available under CC0-1.0 license.