Headline
GHSA-q8wc-j5m9-27w3: Denial of Service issue in quinn-proto
Impact
Receiving unknown QUIC frames in a QUIC packet could result in a panic.
Patches
The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.
References
Fixed in https://github.com/quinn-rs/quinn/pull/1667, backported in https://github.com/quinn-rs/quinn/pull/1668 and https://github.com/quinn-rs/quinn/pull/1669.
Denial of Service issue in quinn-proto
High severity GitHub Reviewed Published Sep 21, 2023 in quinn-rs/quinn • Updated Sep 21, 2023
Related news
CVE-2023-42805: Denial of Service issue in quinn-proto
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.