GHSA-pjrj-h4fg-6gm4

GitHub Security Advisory

tokio-boring vulnerable to resource exhaustion via memory leak

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact
Version 4.0.0 of the tokio-boring library has a memory leak that can lead to excessive resource consumption and a potential denial of service (DoS) through resource exhaustion. The `set_ex_data` function used by the library did not deallocate the memory held by pre-existing data each time a TLS connection completed, so the program consumed more resources with each new connection.
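
The leak pattern described above can be reproduced in a simplified model. This is an added example, not code from tokio-boring or BoringSSL; `Payload`, `Slot`, `set_leaky`, `set_replacing` and `orphaned_after` are hypothetical names, and the 4096-byte buffer is a constructed stand-in for per-connection data.

```rust
use std::sync::atomic::{AtomicUsize, Ordering};

// Counts live Payload values so a leak is observable without a profiler.
static LIVE: AtomicUsize = AtomicUsize::new(0);

// Hypothetical stand-in for per-connection state attached to a TLS object.
struct Payload { _buf: Vec<u8> }

impl Payload {
    fn new() -> Self {
        LIVE.fetch_add(1, Ordering::SeqCst);
        Payload { _buf: vec![0u8; 4096] }
    }
}

impl Drop for Payload {
    fn drop(&mut self) { LIVE.fetch_sub(1, Ordering::SeqCst); }
}

// Models a C-style ex_data slot: a raw pointer that the slot never frees itself.
struct Slot(*mut Payload);

impl Slot {
    // Leaky pattern: the pointer is overwritten and the old allocation is orphaned.
    fn set_leaky(&mut self, p: Payload) {
        self.0 = Box::into_raw(Box::new(p));
    }
    // One way to avoid the leak: reclaim and drop the previous value first.
    fn set_replacing(&mut self, p: Payload) {
        if !self.0.is_null() {
            // SAFETY: a non-null pointer in the slot always came from Box::into_raw.
            unsafe { drop(Box::from_raw(self.0)) };
        }
        self.0 = Box::into_raw(Box::new(p));
    }
}

// Calls the setter once per simulated connection, frees the value the slot
// still points to, and returns how many payloads are left unreachable.
fn orphaned_after(n: usize, leaky: bool) -> usize {
    let before = LIVE.load(Ordering::SeqCst);
    let mut slot = Slot(std::ptr::null_mut());
    for _ in 0..n {
        if leaky { slot.set_leaky(Payload::new()) } else { slot.set_replacing(Payload::new()) }
    }
    if !slot.0.is_null() { unsafe { drop(Box::from_raw(slot.0)) }; }
    LIVE.load(Ordering::SeqCst) - before
}

fn main() {
    println!("leaky: {} orphaned", orphaned_after(1000, true));
    println!("replacing: {} orphaned", orphaned_after(1000, false));
}
```

In the leaky variant the number of unreachable allocations grows linearly with the number of connections, which is the resource-exhaustion behaviour the advisory describes.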

### Patches
The issue is fixed in version 4.1.0 of tokio-boring.

### References
[CVE-2023-6180 at cve.org](https://www.cve.org/CVERecord?id=CVE-2023-6180)

Affected Packages

crates.io tokio-boring
Affected versions: 4.0.0 (fixed in 4.1.0)

Key Information

GHSA ID
GHSA-pjrj-h4fg-6gm4
Published
December 5, 2023 11:42 PM
Last Modified
December 5, 2023 11:42 PM
CVSS Score
5.0/10
Primary Ecosystem
crates.io
Primary Package
tokio-boring
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 11, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.