Denial of Service issue in quinn-proto · CVE-2023-42805 · GitHub Advisory Database · GitHub

Denial of Service issue in quinn-proto

High severity GitHub Reviewed Published Sep 21, 2023 in quinn-rs/quinn • Updated Nov 4, 2023

Package

quinn-proto (Rust)

Affected versions

< 0.9.5

Patched versions

0.9.5

Description

Impact

Receiving unknown QUIC frames in a QUIC packet could result in a panic.

Patches

The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.

References

Fixed in quinn-rs/quinn#1667, backported in quinn-rs/quinn#1668 and quinn-rs/quinn#1669.

References

djc published to quinn-rs/quinn

Sep 21, 2023

Published by the National Vulnerability Database

Sep 21, 2023

Published to the GitHub Advisory Database Sep 21, 2023

Reviewed Sep 21, 2023

Last updated Nov 4, 2023

Severity

High

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H