rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
4c60d39456ee579c976db4349989e4104920bb99
advisory-db/crates/tungstenite/RUSTSEC-2023-0065.md
github-actions[bot] 4c60d39456 Assigned RUSTSEC-2023-0065 to tungstenite (#1796) 
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-09-29 12:03:03 +00:00

761 B
Raw Blame History 

[advisory]
id = "RUSTSEC-2023-0065"
package = "tungstenite"
date = "2023-09-25"
url = "https://github.com/snapview/tungstenite-rs/issues/376"
categories = ["denial-of-service"]
aliases = ["CVE-2023-43669", "GHSA-9mcr-873m-xcxp"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"

[versions]
patched = [">= 0.20.1"]

Tungstenite allows remote attackers to cause a denial of service

The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes).