GSA_kwCzR0hTQS1xOHdjLWo1bTktMjd3M84AA1_5

High EPSS: 0.00185% (0.40838 Percentile) EPSS:

Permalink JSON

Denial of Service issue in quinn-proto

Affected Packages	Affected Versions	Fixed Versions
cargo:quinn-proto	< 0.9.5	0.9.5
41 Dependent packages 1,563 Dependent repositories 45,140,683 Downloads total Affected Version Ranges All affected versions 0.1.0, 0.2.0, 0.3.0, 0.4.0, 0.5.0, 0.5.2, 0.6.0, 0.6.1, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4 All unaffected versions 0.9.5, 0.9.6, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.11.0, 0.11.1, 0.11.2, 0.11.3, 0.11.4, 0.11.5, 0.11.6, 0.11.7, 0.11.8, 0.11.9, 0.11.10, 0.11.11, 0.11.12

Impact

Receiving unknown QUIC frames in a QUIC packet could result in a panic.

Patches

The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.

References

Fixed in https://github.com/quinn-rs/quinn/pull/1667, backported in https://github.com/quinn-rs/quinn/pull/1668 and https://github.com/quinn-rs/quinn/pull/1669.

References:

Identifiers

GHSA-q8wc-j5m9-27w3

CVE-2023-42805

Risk

Severity

High

EPSS

EPSS Percentage: 0.00185

EPSS Percentile: 0.40838

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/quinn-rs/quinn

Date and time

Published

almost 2 years ago

Updated

over 1 year ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories