CVE-2023-6180 – Resource exhaustion via memory leak in tokio-boring

https://notcve.org/view.php?id=CVE-2023-6180

05 Dec 2023 — The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The set_ex_data function used by the library did not deallocate memory used by pre-existing data in memory each time after completing a TLS connection causing the program to consume more resources with each new connection. La librería tokio-boring en la versión 4.0.0 se ve afectada por un problema de pérdida de memoria que puede provocar un co... • https://github.com/cloudflare/boring/security/advisories/GHSA-pjrj-h4fg-6gm4 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •