How severe is CVE-2024-28854?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-28854?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2024-28854 - HIGH Severity | CVSS 7.5

Vulnerability Description

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 `TcpStream`s a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using `TlsListener::new()` vulnerable to a slow-loris DoS attack. This impacts any publicly accessible service using the default configuration of tls-listener in versions prior to 0.10.0. Users are advised to upgrade. Users unable to upgrade may mitigate this by passing a large value, such as `usize::MAX` as the parameter to `Builder::max_handshakes`.

Related Vulnerabilities

CVE-2001-0827

HIGH

CVSS:7.5(High)

Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests.

CWE-4002001

CVE-2002-20001

HIGH

CVSS:7.5(High)

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-expo...

CWE-4002002

CVE-2006-1364

HIGH

CVSS:7.5(High)

Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (...

CWE-4002006

CVE-2006-5708

HIGH

CVSS:7.5(High)

Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resu...

CWE-4002006

CVE-2006-6025

HIGH

CVSS:7.5(High)

QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. NOTE: The provenance of this information is unknown; the deta...

CWE-4002006

CVE-2007-20001

HIGH

CVSS:7.5(High)

A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iS...

CWE-4002007