CVE-2024-28854

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to perform a Slowloris-style denial-of-service attack against services using tls-listener with default configuration. By opening multiple TCP connections without completing TLS handshakes, attackers can exhaust connection limits and make services unavailable. This affects any publicly accessible service using tls-listener versions prior to 0.10.0 with default settings.

💻 Affected Systems

Products:
  • tls-listener
Versions: All versions prior to 0.10.0
Operating Systems: All platforms running Rust applications using tls-listener
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects services using TlsListener::new() with default configuration; custom configurations may not be vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service unavailability for legitimate users due to connection exhaustion, potentially causing business disruption or downtime.

🟠

Likely Case

Service degradation or intermittent availability issues under attack, with legitimate users experiencing connection failures or timeouts.

🟢

If Mitigated

Minimal impact with proper connection limits and monitoring in place; services remain available with potential slight performance impact during attacks.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Slowloris attacks are well-known and easy to implement; the advisory mentions specific attack parameters (6.4 connections/second).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.10.0

Vendor Advisory: https://github.com/tmccombs/tls-listener/security/advisories/GHSA-2qph-qpvm-2qf7

Restart Required: Yes

Instructions:

1. Update Cargo.toml to specify tls-listener version '0.10.0' or higher.
2. Run 'cargo update'.
3. Rebuild and redeploy your application.
4. Restart affected services.

🔧 Temporary Workarounds

Increase max_handshakes limit

Applies to: all

Manually configure Builder::max_handshakes with a large value to prevent connection exhaustion:

    // In Rust code:
    TlsListener::builder().max_handshakes(usize::MAX).build(listener)

🧯 If You Can't Patch

  • Implement network-level rate limiting or connection limiting at load balancer/firewall
  • Deploy DDoS protection services or WAF with Slowloris mitigation capabilities

🔍 How to Verify

Check if Vulnerable:

Check Cargo.toml or Cargo.lock for the tls-listener dependency version; if the version is below 0.10.0 and the service uses the default TlsListener::new() configuration, it is vulnerable.

Check Version:

grep -A1 'name = "tls-listener"' Cargo.lock

Verify Fix Applied:

Verify tls-listener version is 0.10.0 or higher in Cargo.lock and that services are restarted with updated binaries.

📡 Detection & Monitoring

Log Indicators:

  • High number of incomplete TLS handshakes
  • Connection timeouts or refusals
  • Unusual patterns of connections from single IPs

Network Indicators:

  • Multiple TCP connections opened but no data transferred
  • Sustained low-rate connection attempts from single sources
  • TLS handshake initiation without completion

SIEM Query:

source="network_logs" | where connection_state="initiated" AND tls_handshake="incomplete" | stats count by src_ip | where count > threshold
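The SIEM query above as runnable detection logic over constructed log lines, added here as an example rather than taken from the advisory; the log format and the 64-slot, 10-second listener settings are assumptions, picked so the handshake budget equals the 6.4 connections/second the advisory cites.

```python
from collections import defaultdict
# Constructed sample log (not real tls-listener output), one record per line:
# "<epoch seconds> <src_ip> <event>". 203.0.113.7 opens connections and never
# completes the handshake; the other sources behave normally.
SAMPLE_LOG = """\
100.0 198.51.100.5 handshake_start
100.3 198.51.100.5 handshake_complete
100.2 203.0.113.7 handshake_start
100.4 203.0.113.7 handshake_start
100.6 203.0.113.7 handshake_start
100.8 203.0.113.7 handshake_start
101.0 192.0.2.9 handshake_start
101.5 192.0.2.9 handshake_complete
110.2 203.0.113.7 handshake_timeout
"""

def parse_log(text):
    """Yield (timestamp, src_ip, event) tuples from the constructed format."""
    for line in text.splitlines():
        if line.strip():
            ts, ip, event = line.split()
            yield float(ts), ip, event

def incomplete_handshake_rate(records, window_start, window_end):
    """Per source: handshakes started but not completed inside the window, per
    second. A handshake_timeout is the listener giving up, not a completion."""
    started, completed = defaultdict(int), defaultdict(int)
    for ts, ip, event in records:
        if not window_start <= ts < window_end:
            continue
        if event == "handshake_start":
            started[ip] += 1
        elif event == "handshake_complete":
            completed[ip] += 1
    span = window_end - window_start
    return {ip: (started[ip] - completed[ip]) / span for ip in started}

def flag_sources(rates, max_handshakes, handshake_timeout, fraction=0.5):
    """Flag sources whose stalled-handshake rate alone fills at least `fraction`
    of the budget: with max_handshakes slots each held up to handshake_timeout
    seconds, max_handshakes / handshake_timeout new stalls per second fill all."""
    budget = max_handshakes / handshake_timeout
    return {ip: r for ip, r in rates.items() if r >= fraction * budget}

def detect(log_text=SAMPLE_LOG, max_handshakes=64, handshake_timeout=10.0):
    """Assumed listener settings (64 slots, 10 s): 64 / 10 = the 6.4 conn/s the
    advisory cites as enough to exhaust the default configuration."""
    rates = incomplete_handshake_rate(parse_log(log_text), 100.0, 101.0)
    return flag_sources(rates, max_handshakes, handshake_timeout)
```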

🔗 References