Moderate severity · NVD Advisory · Published Dec 5, 2023 · Updated Aug 2, 2024
Resource exhaustion via memory leak in tokio-boring
CVE-2023-6180
Description
The tokio-boring library in version 4.0.0 is affected by a memory leak that can lead to excessive resource consumption and a potential DoS by resource exhaustion. The set_ex_data function used by the library did not deallocate the memory held by pre-existing data each time a TLS connection completed, so the program consumed more resources with each new connection.
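A minimal Rust model of the leak pattern described above, added here as an illustration; it is not code from tokio-boring or boring. `Slot`, `Payload`, `set_leaky` and `set_replacing` are hypothetical names, and the slot is assumed to behave like an ex_data entry that holds only a raw pointer.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};

// Counts Payload values that are allocated and not yet dropped.
static LIVE: AtomicUsize = AtomicUsize::new(0);

struct Payload { _buf: Vec<u8> }
impl Payload {
    fn new() -> Self { LIVE.fetch_add(1, Ordering::SeqCst); Payload { _buf: vec![0u8; 1024] } }
}
impl Drop for Payload {
    fn drop(&mut self) { LIVE.fetch_sub(1, Ordering::SeqCst); }
}

// Hypothetical stand-in for a C-side ex_data slot: it stores only a raw pointer.
struct Slot { ptr: *mut Payload }

impl Slot {
    fn new() -> Self { Slot { ptr: std::ptr::null_mut() } }

    // Leaky pattern: the pointer is overwritten and the previous allocation is never freed.
    fn set_leaky(&mut self, p: Payload) {
        self.ptr = Box::into_raw(Box::new(p));
    }

    // Corrected pattern: reclaim ownership of the pre-existing value and drop it.
    fn set_replacing(&mut self, p: Payload) {
        let old = std::mem::replace(&mut self.ptr, Box::into_raw(Box::new(p)));
        if !old.is_null() { drop(unsafe { Box::from_raw(old) }); }
    }
}

impl Drop for Slot {
    // Teardown frees only the value the slot currently points to.
    fn drop(&mut self) {
        if !self.ptr.is_null() { drop(unsafe { Box::from_raw(self.ptr) }); }
    }
}

// Model `n` completed connections writing to one slot; return allocations still live.
fn live_after(n: usize, leaky: bool) -> usize {
    let before = LIVE.load(Ordering::SeqCst);
    let mut slot = Slot::new();
    for _ in 0..n {
        if leaky { slot.set_leaky(Payload::new()) } else { slot.set_replacing(Payload::new()) }
    }
    drop(slot);
    LIVE.load(Ordering::SeqCst) - before
}

fn main() {
    println!("leaky: {}, replacing: {}", live_after(1000, true), live_after(1000, false));
}
```

In the leaky variant the count of unreachable allocations grows linearly with the number of writes, which is the growth pattern to look for in process memory when checking whether a deployment is running an affected version.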
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tokio-boring (crates.io) | >= 4.0.0, < 4.1.0 | 4.1.0 |
Affected products
- Cloudflare/tokio-boring · v5 · Range: 4.0.0