[GHSA-6g7w-8wpp-frhj] Infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input

[NxPKG]

Updates

• Affected products
• Description
• Summary

Comments
To mitigate this vulnerability, users are advised to update to a patched version of the Rustls library. Versions 0.22 and 0.23 contain fixes for this issue and are recommended for use. Additionally, server administrators should implement appropriate rate limiting and connection timeouts to mitigate the impact of potential DoS attacks.

[github]

Hi there @Taowyoo and @ctz! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

[Taowyoo]

The rename of title LGTM, new name is clearer.

I only have concern about if it's fine to simplifying the python script for reproducing the original vulnerability. I would suggest keeping those binary data there or leaving a comment to tell reader to check version listed in your project repository for the full script.

[darakian]

I'm accepting this change but only for the updated title based on @Taowyoo 's comment. Automation is broken so, the changes have been made out of band