7.5

CVE-2023-43669

Exploit
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SnapviewTungstenite SwPlatformrust Version <= 0.20.0
FedoraprojectFedora Version37
FedoraprojectFedora Version38
FedoraprojectFedora Version39
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.62% 0.729
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://bugzilla.redhat.com/show_bug.cgi?id=2240110
Third Party Advisory
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1215563
Third Party Advisory
Issue Tracking
https://crates.io/crates/tungstenite/versions
Release Notes
https://cwe.mitre.org/data/definitions/407.html
Technical Description
https://github.com/advisories/GHSA-9mcr-873m-xcxp
Third Party Advisory
https://github.com/github/advisory-database/pull/2752
Patch
https://github.com/snapview/tungstenite-rs/commit/8b3ecd3cc0008145ab4bc8d0657c39d09db8c7e2
Patch
https://github.com/snapview/tungstenite-rs/issues/376
Exploit
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R77EUWPZVP5WSMNXUXUDNHR7G7OI5NGM/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THK6G6CD4VW6RCROWUV2C4HSINKK3XAK/
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TT7SF6CQ5VHAGFLWNXY64NFSW4WIWE7D/
Third Party Advisory
Mailing List
https://security-tracker.debian.org/tracker/CVE-2023-43669
Third Party Advisory