What is the severity of REDHAT-BUG-2240110?

The severity of REDHAT-BUG-2240110 is critical as it allows remote attackers to cause a denial of service.

How do I fix REDHAT-BUG-2240110?

To fix REDHAT-BUG-2240110, upgrade Tungstenite to version 0.21.0 or later.

What versions are affected by REDHAT-BUG-2240110?

REDHAT-BUG-2240110 affects Tungstenite versions up to and including 0.20.0.

Can REDHAT-BUG-2240110 lead to data loss?

While REDHAT-BUG-2240110 primarily causes a denial of service, it does not directly lead to data loss.

Who is impacted by REDHAT-BUG-2240110?

Users of the Tungstenite crate for Rust versions 0.20.0 and earlier are impacted by REDHAT-BUG-2240110.

Vulnerability/
REDHAT-BUG-2240110

medium

21/9/2023

22/3/2024

REDHAT-BUG-2240110

First published: Thu Sep 21 2023(Updated: )

The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes).

Affected Software	Affected Version	How to fix
Tungstenite	<=0.20.0
Rust

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-2240110?
The severity of REDHAT-BUG-2240110 is critical as it allows remote attackers to cause a denial of service.
How do I fix REDHAT-BUG-2240110?
To fix REDHAT-BUG-2240110, upgrade Tungstenite to version 0.21.0 or later.
What versions are affected by REDHAT-BUG-2240110?
REDHAT-BUG-2240110 affects Tungstenite versions up to and including 0.20.0.
Can REDHAT-BUG-2240110 lead to data loss?
While REDHAT-BUG-2240110 primarily causes a denial of service, it does not directly lead to data loss.
Who is impacted by REDHAT-BUG-2240110?
Users of the Tungstenite crate for Rust versions 0.20.0 and earlier are impacted by REDHAT-BUG-2240110.

agent/references
agent/first-publish-date
agent/type
agent/severity
agent/description
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-43669
agent/last-modified-date
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/tungstenite
canonical/tungstenite
vendor/rust
canonical/rust

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of REDHAT-BUG-2240110?
The severity of REDHAT-BUG-2240110 is critical as it allows remote attackers to cause a denial of service.
How do I fix REDHAT-BUG-2240110?
To fix REDHAT-BUG-2240110, upgrade Tungstenite to version 0.21.0 or later.
What versions are affected by REDHAT-BUG-2240110?
REDHAT-BUG-2240110 affects Tungstenite versions up to and including 0.20.0.
Can REDHAT-BUG-2240110 lead to data loss?
While REDHAT-BUG-2240110 primarily causes a denial of service, it does not directly lead to data loss.
Who is impacted by REDHAT-BUG-2240110?
Users of the Tungstenite crate for Rust versions 0.20.0 and earlier are impacted by REDHAT-BUG-2240110.