High severityNVD Advisory· Published Sep 21, 2023· Updated Sep 24, 2024
quinn-proto Denial of Service vulnerability
CVE-2023-42805
Description
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
quinn-protocrates.io | < 0.9.5 | 0.9.5 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/advisories/GHSA-q8wc-j5m9-27w3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-42805ghsaADVISORY
- github.com/quinn-rs/quinn/pull/1667ghsax_refsource_MISCWEB
- github.com/quinn-rs/quinn/pull/1668ghsax_refsource_MISCWEB
- github.com/quinn-rs/quinn/pull/1669ghsax_refsource_MISCWEB
- github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3ghsax_refsource_CONFIRMWEB
- rustsec.org/advisories/RUSTSEC-2023-0063.htmlghsaWEB
News mentions
0No linked articles in our index yet.