Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
fs2: Half-shutdown of socket during TLS handshake may result in spin loop on opposite side
Vulnerability Description
fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks though TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS session, if one side of the connection shuts down `write` while the peer side is awaiting more data to progress the TLS handshake, the peer side will spin loop on the socket read, fully utilizing a CPU. The CPU is consumed until the overall connection is closed, potentially shutting down a fs2-io powered server. This issue is fixed in versions 2.5.13, 3.12.1, and 3.13.0-M7.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
FS2 资源管理错误漏洞
Vulnerability Description
FS2是typelevel.scala开源的一个Scala的组合式流式I/O库。 FS2 3.12.2及之前版本和3.13.0-M1至3.13.0-M6版本存在资源管理错误漏洞,该漏洞源于TLS会话处理不当,可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A