Open github-actions[bot] opened 5 months ago
rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input
rustls::ConnectionCommon::complete_io
rustls
0.20.9
>=0.23.5,>=0.22.4, <0.23.0,>=0.21.11, <0.22.0
If a close_notify alert is received during a handshake, complete_io does not terminate.
close_notify
complete_io
Callers which do not call complete_io are not affected.
rustls-tokio and rustls-ffi do not call complete_io and are not affected.
rustls-tokio
rustls-ffi
rustls::Stream and rustls::StreamOwned types use complete_io and are affected.
rustls::Stream
rustls::StreamOwned
See advisory page for additional details.
rustls
0.20.9
>=0.23.5,>=0.22.4, <0.23.0,>=0.21.11, <0.22.0
If a
close_notify
alert is received during a handshake,complete_io
does not terminate.Callers which do not call
complete_io
are not affected.rustls-tokio
andrustls-ffi
do not callcomplete_io
and are not affected.rustls::Stream
andrustls::StreamOwned
types usecomplete_io
and are affected.See advisory page for additional details.