CVE-2023-6180
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The set_ex_data function used by the library did not deallocate memory used by pre-existing data in memory each time after completing a TLS connection causing the program to consume more resources with each new connection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cloudflare | tokio-boring | 4.0.0 <= 4.1.0 | affected |
Weaknesses
- CWE-400: CWE-400 Uncontrolled Resource Consumption
- CWE-404: CWE-404 Improper Resource Shutdown or Release
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.