VYPR
High severity 7.5 · OSV Advisory · Published Apr 19, 2024 · Updated Apr 15, 2026

CVE-2024-32650

Description

Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a close_notify message immediately after client_hello, the server's complete_io will enter an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package              Affected versions        Patched versions
rustls (crates.io)   >= 0.23.0, < 0.23.5      0.23.5
rustls (crates.io)   >= 0.22.0, < 0.22.4      0.22.4
rustls (crates.io)   >= 0.21.0, < 0.21.11     0.21.11
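
A dependency check for the affected ranges listed above, as an added example that is not from the advisory or the rustls project: it scans Cargo.lock text and reports each locked rustls version that falls in an affected range, with the patched release to move to. The lockfile excerpt and all function names are constructed for illustration.

```rust
// Added example (not rustls project code). SAMPLE_LOCK is a constructed Cargo.lock excerpt.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "rustls"
version = "0.21.10"
[[package]]
name = "rustls"
version = "0.23.5"
[[package]]
name = "rustls-pemfile"
version = "2.1.2"
"#;
/// Parse "major.minor.patch"; a pre-release/build suffix is dropped (conservative: may over-report).
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((it.next()??, it.next()??, it.next()??))
}

/// Patched release for a version inside one of the advisory's affected ranges.
fn fixed_in(v: (u64, u64, u64)) -> Option<&'static str> {
    match v {
        (0, 23, p) if p < 5 => Some("0.23.5"),
        (0, 22, p) if p < 4 => Some("0.22.4"),
        (0, 21, p) if p < 11 => Some("0.21.11"),
        _ => None,
    }
}

/// Return (locked version, patched version) for each affected `rustls` entry.
fn affected_rustls(lockfile: &str) -> Vec<(String, &'static str)> {
    let mut hits = Vec::new();
    let mut name = ""; // name of the package entry currently being read
    for line in lockfile.lines().map(str::trim) {
        if let Some(n) = line.strip_prefix("name = ") {
            name = n.trim_matches('"');
        } else if let Some(v) = line.strip_prefix("version = ").filter(|_| name == "rustls") {
            let v = v.trim_matches('"');
            if let Some(fix) = parse_version(v).and_then(fixed_in) {
                hits.push((v.to_string(), fix));
            }
        }
    }
    hits
}

fn main() {
    for (v, fix) in affected_rustls(SAMPLE_LOCK) { println!("rustls {v}: affected, upgrade to {fix}"); }
}
```

A lockfile can hold more than one rustls entry when dependencies pull in different release lines, so each entry is checked separately.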
