Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yZmhnLXJqZnAtOXE4cc4AA03d
Potential denial of service after connection migration
Impact
An issue in s2n-quic results in the endpoint shutting down due to a combination of peer-initiated connection migration and duplicate new connection ID frames being received. No AWS services are affected by this issue, and customers of AWS services do not need to take action.
Impacted versions: <=v1.24.0
Patches
The patch is included in v1.25.0.
Workarounds
There is no workaround. Applications using s2n-quic should upgrade their application to the most recent release of s2n-quic.
If you have any questions or comments about this advisory we ask that you contact AWS/Amazon Security via our vulnerability reporting page or directly via email to [email protected]. Please do not create a public GitHub issue.
Permalink: https://github.com/advisories/GHSA-rfhg-rjfp-9q8qJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yZmhnLXJqZnAtOXE4cc4AA03d
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
Identifiers: GHSA-rfhg-rjfp-9q8q
References:
- https://github.com/aws/s2n-quic/security/advisories/GHSA-rfhg-rjfp-9q8q
- https://github.com/aws/s2n-quic/commit/73a814240c5db6fae261a6e4ab567b0b094a35db
- https://github.com/advisories/GHSA-rfhg-rjfp-9q8q
Blast Radius: 0.0
Affected Packages
cargo:s2n-quic
Dependent packages: 8Dependent repositories: 9
Downloads: 137,516 total
Affected Version Ranges: <= 1.24.0
Fixed in: 1.25.0
All affected versions: 0.0.0, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.1, 1.7.0, 1.8.0, 1.9.0, 1.9.1, 1.9.2, 1.10.0, 1.11.0, 1.12.0, 1.13.0, 1.14.0, 1.15.0, 1.16.0, 1.17.1, 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.22.0, 1.23.0, 1.24.0
All unaffected versions: 1.25.0, 1.26.0, 1.27.0, 1.28.0, 1.29.0, 1.30.0, 1.31.0, 1.32.0, 1.33.0, 1.34.0, 1.35.0, 1.35.1, 1.36.0, 1.37.0, 1.38.1, 1.39.0, 1.40.0, 1.41.0, 1.42.0, 1.43.0, 1.44.0, 1.44.1, 1.45.0, 1.46.0, 1.47.0, 1.48.0, 1.49.0, 1.50.0, 1.51.0