DEBIAN-CVE-2023-43669

DEBIAN-CVE-2023-43669 PUBLISHED CVSS 7.5 HIGH

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes).

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:13	rust-tungstenite	0, 0, 0
Debian:14	rust-tungstenite	0, 0, 0

Timeline

Sep 21, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-43669 advisory

Open in Interactive Console →