Denial of Service issue in quinn-proto

High
djc published GHSA-q8wc-j5m9-27w3 Sep 21, 2023

Package

cargo quinn-proto (Rust)

Affected versions

< 0.9.5

Patched versions

0.9.5, 0.10.5

Description

Impact

Receiving unknown QUIC frames in a QUIC packet could result in a panic.

Patches

The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.
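
A lockfile check for the patched versions listed above, as an added example that is not part of the advisory or the quinn project: it scans Cargo.lock text for quinn-proto entries that predate the fixes. The function names and sample lockfile are constructed, and treating 0.10.0 through 0.10.4 as unpatched is an assumption drawn from 0.10.5 being listed as a patched release.

```rust
// Patched releases per the advisory: 0.9.5 and 0.10.5.
// Assumption: 0.10.0-0.10.4 count as unpatched, since 0.10.5 is the fix for that line.
fn needs_upgrade(v: (u64, u64, u64)) -> bool {
    v < (0, 9, 5) || (v >= (0, 10, 0) && v < (0, 10, 5))
}

// Parse "major.minor.patch", ignoring any pre-release or build suffix.
fn parse_version(s: &str) -> Option<(u64, u64, u64)> {
    let core = s.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((parts.next()??, parts.next()??, parts.next()??))
}

// Return each quinn-proto version in Cargo.lock text that lacks the fix.
fn vulnerable_quinn_proto(lock: &str) -> Vec<String> {
    let (mut hits, mut in_target) = (Vec::new(), false);
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            in_target = false;
        } else if line == r#"name = "quinn-proto""# {
            in_target = true;
        } else if let Some(ver) = line.strip_prefix("version = \"").and_then(|s| s.strip_suffix('"')) {
            // Unparsable versions are reported rather than silently skipped.
            if in_target && parse_version(ver).map_or(true, needs_upgrade) {
                hits.push(ver.to_string());
            }
        }
    }
    hits
}

// Constructed sample lockfile, not taken from a real project.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "quinn"
version = "0.10.2"
[[package]]
name = "quinn-proto"
version = "0.9.4"
[[package]]
name = "quinn-proto"
version = "0.10.5"
"#;

fn main() {
    for v in vulnerable_quinn_proto(SAMPLE_LOCK) {
        println!("quinn-proto {v} lacks the fix; upgrade to 0.9.5 or 0.10.5");
    }
}
```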

References

Fixed in #1667, backported in #1668 and #1669.

Severity

High 7.5 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE ID

CVE-2023-42805

Weaknesses

No CWEs
