CVE-2023-43669
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes).
| Vendor | n/a |
| Product | n/a |
| Published | Sep 21, 2023 |
| Last Updated | Aug 2, 2024 |
Stay Ahead of the Next One
Get instant alerts for n/a n/a
Be the first to know when new unknown vulnerabilities affecting n/a n/a are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
n/a / n/a
n/a
References
github.com: https://github.com/snapview/tungstenite-rs/issues/376 cwe.mitre.org: https://cwe.mitre.org/data/definitions/407.html crates.io: https://crates.io/crates/tungstenite/versions github.com: https://github.com/snapview/tungstenite-rs/commit/8b3ecd3cc0008145ab4bc8d0657c39d09db8c7e2 github.com: https://github.com/advisories/GHSA-9mcr-873m-xcxp github.com: https://github.com/github/advisory-database/pull/2752 bugzilla.suse.com: https://bugzilla.suse.com/show_bug.cgi?id=1215563 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2240110 security-tracker.debian.org: https://security-tracker.debian.org/tracker/CVE-2023-43669 lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THK6G6CD4VW6RCROWUV2C4HSINKK3XAK/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TT7SF6CQ5VHAGFLWNXY64NFSW4WIWE7D/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R77EUWPZVP5WSMNXUXUDNHR7G7OI5NGM/