All rustls CVEs — Complete Vulnerability History
rustls is a pure-Rust TLS implementation that's an alternative to the openssl crate. Its main CVE is CVE-2024-32650 — an infinite loop in certificate chain parsing.
Rust
1 CVE total
Full CVE history
| CVE | Year | Severity | Description | Fix |
|---|---|---|---|---|
| CVE-2024-32650 | 2024 | HIGH | Infinite loop via crafted TLS certificate chain | Fixed 0.23.5 |
Current safe version: 0.23.5
```toml
# Before
rustls = "0.21.6"
# After
rustls = "0.23.5"
```
Then run: cargo update
Common questions
Is rustls safer than openssl?
rustls has fewer CVEs and no C FFI layer. Memory safety vulnerabilities are impossible by construction. The tradeoff is feature completeness — rustls doesn't support all OpenSSL features. For most TLS use cases, rustls is the safer choice.
Does CVE-2024-32650 affect rustls clients and servers?
Both — any connection that processes a server's TLS certificate can trigger the infinite loop if the certificate chain is crafted to exploit the parsing bug.