
Cloud Vulnerability DB
A community-led vulnerabilities database
The vulnerability (GHSA-rp9h-rf7g-hwgr) affects s2n-tls versions prior to v1.5.9 and was discovered and disclosed on November 14, 2024. The issue is undefined behavior at process exit, arising from the library's use of the Linux atexit function to clean up global state (GitHub Advisory).
The vulnerability stems from s2n-tls's use of the Linux atexit function to register cleanup functions for global state management during process termination. In multi-threaded environments, the atexit handler may attempt to clean up state that is still being used by other active threads, potentially leading to segmentation faults or other undefined behavior (GitHub Advisory). The issue has been assigned a Low severity rating.
When triggered, this vulnerability can cause the exiting process to experience segmentation faults or other undefined behavior in multi-threaded environments. The impact is particularly relevant when the atexit handler attempts to clean up state still in use by other threads (GitHub Advisory).
The vulnerability has been patched in s2n-tls version 1.5.9 with commit 493b771. For users unable to upgrade immediately, a workaround is available by calling s2n_disable_atexit() prior to initializing s2n-tls. In the patched versions, the atexit handler is disabled by default. Users are recommended to upgrade to the most recent release of s2n-tls (GitHub Release).
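The shutdown ordering that the workaround implies, as an added example that is not s2n-tls code and not part of the advisory. The lib_* functions and globals are hypothetical stand-ins for a library with global state, and the explicit cleanup after joining the worker threads is an assumption about how an application would release that state once the exit-time handler is disabled.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

/* Hypothetical stand-ins for a library with global state; not s2n-tls code. */
static unsigned char *g_state;          /* shared tables read by every thread */
static int g_initialized;
static int g_atexit_enabled = 1;        /* models the pre-fix default */
static int g_atexit_registered;
static atomic_int g_bad_reads;          /* reads that saw torn-down state */

static void lib_cleanup(void) { free(g_state); g_state = NULL; }

/* Only honoured before lib_init(), like the workaround in the advisory. */
static int lib_disable_atexit(void) {
    if (g_initialized) return -1;
    g_atexit_enabled = 0;
    return 0;
}

static int lib_init(void) {
    g_state = calloc(1, 64);
    if (g_state == NULL) return -1;
    g_initialized = 1;
    /* With the handler enabled, cleanup would run at exit() regardless of live threads. */
    if (g_atexit_enabled) g_atexit_registered = (atexit(lib_cleanup) == 0);
    return 0;
}

static void *worker(void *arg) {
    (void)arg;
    for (int i = 0; i < 100000; i++)
        if (g_state == NULL || g_state[i % 64] != 0) atomic_fetch_add(&g_bad_reads, 1);
    return NULL;
}

/* Safe ordering: no exit-time handler, join every user of the state, then free it. */
int run_safe_shutdown(int nthreads) {
    pthread_t tid[8];
    int started = 0;
    if (nthreads > 8) nthreads = 8;
    if (lib_disable_atexit() != 0 || lib_init() != 0) return -1;
    while (started < nthreads && pthread_create(&tid[started], NULL, worker, NULL) == 0)
        started++;
    for (int i = 0; i < started; i++) pthread_join(tid[i], NULL);
    lib_cleanup();                      /* no other thread can touch g_state now */
    return started == nthreads ? atomic_load(&g_bad_reads) : -1;
}

int main(void) { return run_safe_shutdown(4) == 0 ? 0 : 1; }
```

Build with -pthread. The function returns the number of reads that observed torn-down state, which is 0 when cleanup runs only after every worker has been joined.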
Source: This report was generated using AI