RUSTSEC-2023-0065: Tungstenite allows remote attackers to cause a denial of service


> Tungstenite allows remote attackers to cause a denial of service

| Details             |                                                |
| ------------------- | ---------------------------------------------- |
| Package             | `tungstenite`                      |
| Version             | `0.17.3`                   |
| URL                 | [https://github.com/snapview/tungstenite-rs/issues/376](https://github.com/snapview/tungstenite-rs/issues/376) |
| Date                | 2023-09-25                         |
| Patched versions    | `>=0.20.1`                  |

The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause
a denial of service (minutes of CPU consumption) via an excessive length of an
HTTP header in a client handshake. The length affects both how many times a parse
is attempted (e.g., thousands of times) and the average amount of data for each
parse attempt (e.g., millions of bytes).

See [advisory page](https://rustsec.org/advisories/RUSTSEC-2023-0065.html) for additional details.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

RUSTSEC-2023-0065: Tungstenite allows remote attackers to cause a denial of service #387

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Details
Package	`tungstenite`
Version	`0.17.3`
URL	snapview/tungstenite-rs#376
Date	2023-09-25
Patched versions	`>=0.20.1`

Uh oh!

RUSTSEC-2023-0065: Tungstenite allows remote attackers to cause a denial of service #387

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions