Upstream information
Description
tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 `TcpStream`s a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using `TlsListener::new()` vulnerable to a slow-loris DoS attack. This impacts any publicly accessible service using the default configuration of tls-listener in versions prior to 0.10.0. Users are advised to upgrade. Users unable to upgrade may mitigate this by passing a large value, such as `usize::MAX` as the parameter to `Builder::max_handshakes`.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having not set severity.
No SUSE Bugzilla entries cross referenced. No SUSE Security Announcements cross referenced.List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Server 16.0 |
| Patchnames: SUSE Linux Enterprise Server 16.0 GA cargo-audit-advisory-db-20250304-160000.2.2 |
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-14009 |
SUSE Timeline for this CVE
CVE page created: Fri Mar 15 21:00:09 2024CVE page last modified: Sun Nov 2 14:04:55 2025