This package has limited bug data (2 entries). Check back later or see the package health page for the full signal.
tokio-rustls known bugs
cargo2 known bugs in tokio-rustls, with affected versions, fixes and workarounds. Sourced from upstream issue trackers.
2
bugs
Known bugs
| Severity | Affected | Fixed in | Title | Status | Source |
|---|---|---|---|---|---|
| high | 0.12.0 | 0.12.3 | Excessive memory usage in tokio-rustls tokio-rustls does not call process_new_packets immediately after read, so the expected termination condition wants_read always returns true. As long as new incoming data arrives faster than it is processed and the reader does not return pending, data will be buffered. This may cause DoS. | fixed | osv:GHSA-2jfv-g3fh-xq3v |
| medium | 0.13.0 | 0.13.1 | tokio-rustls reads may cause excessive memory usage `tokio-rustls` does not call `process_new_packets` immediately after `read`,
so the expected termination condition `wants_read` always returns true.
As long as new incoming data arrives faster than it is processed
and the reader does not return pending, data will be buffered.
This may cause DoS. | fixed | osv:RUSTSEC-2020-0019 |
API access
Get this data programmatically \u2014 free, no authentication.
curl https://depscope.dev/api/bugs/cargo/tokio-rustls