7.5
CVSS V3
Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input
Rustls is a modern TLS library written in Rust. rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a close_notify message immediately after client_hello, the server's complete_io will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.