GHSA-hqqc-jr88-p6x2

Опубликовано: 31 мар. 2025

Источник: github

Github: Прошло ревью

CVSS3: 5.3

Описание

Netty QUIC hash collision DoS attack

An issue was discovered in the codec. A hash collision vulnerability (in the hash map used to manage connections) allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs).

See https://github.com/ncc-pbottine/QUIC-Hash-Dos-Advisory

Ссылки

Пакеты

Наименование

io.netty.incubator:netty-incubator-codec-quic

maven

Затронутые версииВерсия исправления

< 0.0.71.Final

0.0.71.Final

EPSS

Процентиль: 65%

0.00488

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2025-29908

Дефекты

CWE-407

Связанные уязвимости

CVE-2025-29908

CVSS3: 5.3

nvd

10 месяцев назад

Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability (in the hash map used to manage connections) allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs). This vulnerability is fixed in 0.0.71.Final.

EPSS

Процентиль: 65%

0.00488

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2025-29908

Дефекты

CWE-407