VYPR
Moderate severity · NVD Advisory · Published Dec 5, 2023 · Updated Aug 2, 2024

Resource exhaustion via memory leak in tokio-boring

CVE-2023-6180

Description

The tokio-boring library in version 4.0.0 is affected by a memory leak that can lead to excessive resource consumption and a potential denial of service (DoS) through resource exhaustion. The set_ex_data function used by the library did not free the memory held by pre-existing data each time a TLS connection completed, so the program consumed more resources with every new connection.
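A simplified model of the leak pattern described above, as an added example that is not code from tokio-boring or its dependencies. `Session`, `Slot`, `set_leaky`, `set_fixed` and `leaked_sessions` are hypothetical names, and the raw-pointer slot is an assumption about how an ex_data-style slot stores its value.

```rust
use std::cell::Cell;
use std::rc::Rc;

// Hypothetical per-connection state; `live` counts allocations not yet freed.
struct Session { live: Rc<Cell<usize>>, _buf: Vec<u8> }
impl Session {
    fn new(live: &Rc<Cell<usize>>) -> Box<Session> {
        live.set(live.get() + 1);
        Box::new(Session { live: Rc::clone(live), _buf: vec![0u8; 4096] })
    }
}
impl Drop for Session {
    fn drop(&mut self) { self.live.set(self.live.get() - 1); }
}

// Assumed model of a C-style ex_data slot: a raw pointer with no ownership tracking.
struct Slot(*mut Session);
impl Slot {
    // Leaky pattern: overwrite the pointer; the previous allocation is never freed.
    fn set_leaky(&mut self, data: Box<Session>) { self.0 = Box::into_raw(data); }
    // Corrected pattern: swap in the new pointer, then free the one it replaced.
    fn set_fixed(&mut self, data: Box<Session>) {
        let old = std::mem::replace(&mut self.0, Box::into_raw(data));
        // SAFETY: `old` came from Box::into_raw in this type and is no longer stored.
        if !old.is_null() { unsafe { drop(Box::from_raw(old)) } }
    }
}
impl Drop for Slot {
    // Only the pointer currently stored is released when the slot goes away.
    fn drop(&mut self) {
        if !self.0.is_null() { unsafe { drop(Box::from_raw(self.0)) } }
    }
}

// Simulates `connections` completed handshakes writing to one slot; returns leaked count.
fn leaked_sessions(connections: usize, fixed: bool) -> usize {
    let live = Rc::new(Cell::new(0));
    let mut slot = Slot(std::ptr::null_mut());
    for _ in 0..connections {
        let s = Session::new(&live);
        if fixed { slot.set_fixed(s) } else { slot.set_leaky(s) }
    }
    drop(slot); // frees at most the last value stored
    live.get()
}

fn main() {
    println!("leaky: {}, fixed: {}", leaked_sessions(1000, false), leaked_sessions(1000, true));
}
```

In the leaky variant the number of unreachable allocations grows linearly with the connection count, which is the growth pattern to look for in heap profiles or process RSS on a long-running TLS server.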


Affected packages

Versions sourced from the GitHub Security Advisory.

Package: tokio-boring (crates.io)
Affected versions: >= 4.0.0, < 4.1.0
Patched versions: 4.1.0
