Headline
GHSA-hxq4-mx37-fqvg: s2n-quic potential denial of service vulnerability when receiving empty UDP packets
Impact
An issue in s2n-quic results in the endpoint shutting down after receiving an empty UDP packet on a connection.
No AWS services are affected by this issue and customers of AWS services do not need to take action. Applications using s2n-quic should upgrade their application to the most recent release of s2n-quic.
Impacted version: s2n-quic v1.22.0.
Patches
The patch is included in s2n-quic v1.23.0.
If you have any questions or comments about this advisory we ask that you contact AWS/Amazon Security via our vulnerability reporting page or directly via email to [email protected]. Please do not create a public GitHub issue.
Package
cargo s2n-quic (Rust)
Affected versions
= 1.22.0
Description
Impact
An issue in s2n-quic results in the endpoint shutting down after receiving an empty UDP packet on a connection.
No AWS services are affected by this issue and customers of AWS services do not need to take action. Applications using s2n-quic should upgrade their application to the most recent release of s2n-quic.
Impacted version: s2n-quic v1.22.0.
Patches
The patch is included in s2n-quic v1.23.0.
If you have any questions or comments about this advisory we ask that you contact AWS/Amazon Security via our vulnerability reporting page or directly via email to [email protected]. Please do not create a public GitHub issue.
References
- GHSA-hxq4-mx37-fqvg
- aws/s2n-quic@4b1d417
- https://github.com/aws/s2n-quic/releases/tag/v1.23.0
Published to the GitHub Advisory Database
Jun 30, 2023
Last updated
Jun 30, 2023