CVE-2023-6180

CVSS V2 None CVSS V3 None

Description

The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The set_ex_data function used by the library did not deallocate memory used by pre-existing data in memory each time after completing a TLS connection causing the program to consume more resources with each new connection.

Overview

CVE ID
CVE-2023-6180

Assigner
cloudflare

Vulnerability Status
PUBLISHED

Published Version
2023-12-05T15:02:40.007Z

Last Modified Date
2023-12-05T15:02:40.007Z

Weakness Enumerations

CWE	URL
CWE-400	http://cwe.mitre.org/data/definitions/400.html
CWE-404	http://cwe.mitre.org/data/definitions/404.html

References

Reference URL	Reference Tags
https://github.com/cloudflare/boring/security/advisories/GHSA-pjrj-h4fg-6gm4

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-6180
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6180

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 06:03:59				Added to TrackCVE