Описание
Denial of Service issue in quinn-proto
Impact
Receiving unknown QUIC frames in a QUIC packet could result in a panic.
Patches
The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.
References
Fixed in https://github.com/quinn-rs/quinn/pull/1667, backported in https://github.com/quinn-rs/quinn/pull/1668 and https://github.com/quinn-rs/quinn/pull/1669.
Ссылки
- https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3
- https://nvd.nist.gov/vuln/detail/CVE-2023-42805
- https://github.com/quinn-rs/quinn/pull/1667
- https://github.com/quinn-rs/quinn/pull/1668
- https://github.com/quinn-rs/quinn/pull/1669
- https://rustsec.org/advisories/RUSTSEC-2023-0063.html
Пакеты
quinn-proto
< 0.9.5
0.9.5
Связанные уязвимости
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.
quinn-proto is a state machine for the QUIC transport protocol. Prior ...