{"ecosystem":"cargo","package":"tokio-rustls","version":null,"bugs":[{"id":4588,"ecosystem":"cargo","package_name":"tokio-rustls","affected_version":"0.12.0","fixed_version":"0.12.3","bug_id":"osv:GHSA-2jfv-g3fh-xq3v","title":"Excessive memory usage in tokio-rustls","description":"tokio-rustls does not call process_new_packets immediately after read, so the expected termination condition wants_read always returns true. As long as new incoming data arrives faster than it is processed and the reader does not return pending, data will be buffered. This may cause DoS.","severity":"high","status":"fixed","source":"osv","source_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35875","labels":["CVE-2020-35875","RUSTSEC-2020-0019"],"created_at":"2026-04-26T03:01:25.608101+00:00","updated_at":"2026-04-26T03:01:25.608101+00:00"},{"id":4589,"ecosystem":"cargo","package_name":"tokio-rustls","affected_version":"0.13.0","fixed_version":"0.13.1","bug_id":"osv:RUSTSEC-2020-0019","title":"tokio-rustls reads may cause excessive memory usage","description":"`tokio-rustls` does not call `process_new_packets` immediately after `read`,\nso the expected termination condition `wants_read` always returns true.\nAs long as new incoming data arrives faster than it is processed\nand the reader does not return pending, data will be buffered.\n\nThis may cause DoS.","severity":"medium","status":"fixed","source":"osv","source_url":"https://crates.io/crates/tokio-rustls","labels":["CVE-2020-35875","GHSA-2jfv-g3fh-xq3v"],"created_at":"2026-04-26T03:01:25.610867+00:00","updated_at":"2026-04-26T03:01:25.610867+00:00"}],"total":2,"_cache":"miss"}