High severity 7.5 · OSV Advisory · Published Apr 19, 2024 · Updated Apr 15, 2026
CVE-2024-32650
Description
Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a close_notify message immediately after client_hello, the server's `complete_io` will enter an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| rustls (crates.io) | >= 0.23.0, < 0.23.5 | 0.23.5 |
| rustls (crates.io) | >= 0.22.0, < 0.22.4 | 0.22.4 |
| rustls (crates.io) | >= 0.21.0, < 0.21.11 | 0.21.11 |
Affected products
osv-coords (31 versions, no CPE assigned)

| Package (purl) | Affected range |
|---|---|
| pkg:apk/chainguard/cargo-audit | < 0.21.2-r1 |
| pkg:apk/chainguard/cargo-audit-doc | < 0.21.2-r1 |
| pkg:apk/chainguard/kdash | < 0.6.1-r0 |
| pkg:apk/chainguard/pgcat | < 1.2.0-r1 |
| pkg:apk/chainguard/samply | < 0.12.0-r2 |
| pkg:apk/chainguard/wasmcloud | < 1.1.0-r0 |
| pkg:apk/chainguard/xh | < 0.22.2-r3 |
| pkg:apk/wolfi/cargo-audit | < 0.21.2-r1 |
| pkg:apk/wolfi/cargo-audit-doc | < 0.21.2-r1 |
| pkg:apk/wolfi/kdash | < 0.6.1-r0 |
| pkg:apk/wolfi/pgcat | < 1.2.0-r1 |
| pkg:apk/wolfi/samply | < 0.12.0-r2 |
| pkg:apk/wolfi/wasmcloud | < 1.1.0-r0 |
| pkg:apk/wolfi/xh | < 0.22.2-r3 |
| pkg:cargo/rustls | >= 0.23.0, < 0.23.5 |
| pkg:rpm/opensuse/git-cliff&distro=openSUSE%20Leap%2015.5 | < 2.2.2-bp155.2.3.1 |
| pkg:rpm/opensuse/gitoxide&distro=openSUSE%20Tumbleweed | < 0.38.0-1.1 |
| pkg:rpm/opensuse/gstreamer-plugins-rs&distro=openSUSE%20Leap%2015.6 | < 0.12.11-150600.3.3.1 |
| pkg:rpm/opensuse/kubetui&distro=openSUSE%20Tumbleweed | < 1.5.1-1.1 |
| pkg:rpm/opensuse/sccache&distro=openSUSE%20Tumbleweed | < 0.8.0~3-1.1 |
| pkg:rpm/opensuse/shadowsocks-rust&distro=openSUSE%20Tumbleweed | < 1.18.3-1.1 |
| pkg:rpm/opensuse/teleport&distro=openSUSE%20Tumbleweed | < 15.2.4-1.1 |
| pkg:rpm/opensuse/tlrc&distro=openSUSE%20Tumbleweed | < 1.9.2+0-1.1 |
| pkg:rpm/opensuse/topgrade&distro=openSUSE%20Tumbleweed | < 14.0.1-2.1 |
| pkg:rpm/suse/git-cliff&distro=SUSE%20Package%20Hub%2015%20SP5 | < 2.2.2-bp155.2.3.1 |
| pkg:rpm/suse/gstreamer-plugins-rs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6 | < 0.12.11-150600.3.3.1 |
| pkg:rpm/suse/gstreamer-plugins-rs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7 | < 0.12.11-150600.3.3.1 |
| pkg:rpm/suse/rust-keylime&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 | < 0.2.7+141-150400.3.7.1 |
| pkg:rpm/suse/rust-keylime&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 | < 0.2.7+141-150400.3.5.1 |
| pkg:rpm/suse/rust-keylime&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 | < 0.2.7+141-150500.3.5.1 |
| pkg:rpm/suse/rust-keylime&distro=SUSE%20Linux%20Micro%206.0 | < 0.2.6+13-1.1 |
References
- github.com/advisories/GHSA-6g7w-8wpp-frhj (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-32650 (ghsa, ADVISORY)
- github.com/rustls/rustls/commit/2123576840aa31043a31b0770e6572136fbe0c2d (nvd, WEB)
- github.com/rustls/rustls/commit/5374108df698e78c3e9ef8265cac311556be24af (ghsa, WEB)
- github.com/rustls/rustls/commit/6e938bcfe82a9da7a2e1cbf10b928c7eca26426e (nvd, WEB)
- github.com/rustls/rustls/commit/ebcb4782f23b4edf9b10a7065d9e8d4362439d9c (ghsa, WEB)
- github.com/rustls/rustls/commit/f45664fbded03d833dffd806503d3c8becd1b71e (nvd, WEB)
- github.com/rustls/rustls/security/advisories/GHSA-6g7w-8wpp-frhj (nvd, WEB)
- rustsec.org/advisories/RUSTSEC-2024-0336.html (ghsa, WEB)