| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2024-22189: quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory by sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a `RETIRE_CONNECTION_ID` frame. The attacker can prevent the receiver from sending out (the vast majority of) these `RETIRE_CONNECTION_ID` frames by collapsing the peer's congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. Version 0.42.0 contains a patch for the issue. No known workarounds are available. | CVSS3: 7.5 | 0% Low | almost 2 years ago |
| CVE-2024-22189 | CVSS3: 7.5 | 0% Low | almost 2 years ago |
| CVE-2024-22189: quic-go is an implementation of the QUIC protocol in Go. Prior to vers ... | CVSS3: 7.5 | 0% Low | almost 2 years ago |
| GHSA-c33x-xqrf-c478: QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack | CVSS3: 7.5 | 0% Low | almost 2 years ago |
| BDU:2024-03135: Vulnerability in the quic-go library's implementation of the QUIC protocol for the Go programming language, related to unrestricted resource allocation, allowing an attacker to cause a denial of service | CVSS3: 7.5 | 0% Low | almost 2 years ago |
| openSUSE-SU-2024:0220-1: Security update for caddy | | | more than 1 year ago |
| openSUSE-SU-2024:0211-1: Security update for caddy | | | more than 1 year ago |
| openSUSE-SU-2024:0319-1: Security update for coredns | | | more than 1 year ago |