CVE-2026-31812
Description
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication. This vulnerability is fixed in 0.11.14.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
quinn-protocrates.io | < 0.11.14 | 0.11.14 |
Affected products
88- osv-coords88 versionspkg:apk/chainguard/asciinemapkg:apk/chainguard/bergpkg:apk/chainguard/cargo-auditpkg:apk/chainguard/fnmpkg:apk/chainguard/garage-2pkg:apk/chainguard/komodo-clipkg:apk/chainguard/komodo-corepkg:apk/chainguard/komodo-peripherypkg:apk/chainguard/lycheepkg:apk/chainguard/nushellpkg:apk/chainguard/nushell-pluginspkg:apk/chainguard/parseablepkg:apk/chainguard/pixipkg:apk/chainguard/py3.10-hf-xetpkg:apk/chainguard/py3.11-hf-xetpkg:apk/chainguard/py3.12-hf-xetpkg:apk/chainguard/py3.13-hf-xetpkg:apk/chainguard/qdrantpkg:apk/chainguard/samplypkg:apk/chainguard/sccachepkg:apk/chainguard/uvpkg:apk/chainguard/vectorpkg:apk/chainguard/wadmpkg:apk/chainguard/washpkg:apk/chainguard/wasmcloudpkg:apk/chainguard/xhpkg:apk/chainguard/zedpkg:apk/chainguard/zizmorpkg:apk/chainguard/zolapkg:apk/wolfi/bergpkg:apk/wolfi/cargo-auditpkg:apk/wolfi/lycheepkg:apk/wolfi/nushellpkg:apk/wolfi/nushell-pluginspkg:apk/wolfi/parseablepkg:apk/wolfi/pixipkg:apk/wolfi/py3.10-hf-xetpkg:apk/wolfi/py3.11-hf-xetpkg:apk/wolfi/py3.12-hf-xetpkg:apk/wolfi/py3.13-hf-xetpkg:apk/wolfi/qdrantpkg:apk/wolfi/samplypkg:apk/wolfi/sccachepkg:apk/wolfi/uvpkg:apk/wolfi/vectorpkg:apk/wolfi/wadmpkg:apk/wolfi/washpkg:apk/wolfi/wasmcloudpkg:apk/wolfi/xhpkg:apk/wolfi/zedpkg:apk/wolfi/zizmorpkg:apk/wolfi/zolapkg:cargo/quinn-protopkg:rpm/opensuse/python-uv&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rust1.92&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/rust1.92&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rust1.93&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/rust1.93&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rust1.94&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/rust1.94&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/rust1.94&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rust&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/python-uv&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/python-uv&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/rust1.92&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/rust1.93&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/rust1.94&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/rust1.94&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/rust1.94&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/rust1.94&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/rust1.94&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/rust1.94&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/rust1.94&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/rust1.94&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/rust1.94&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/rust1.94&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/rust1.94&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6
< 3.2.0-r1+ 87 more
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 0.5.5-r2
- (no CPE)range: < 0.22.1-r3
- (no CPE)range: < 1.39.0-r1
- (no CPE)range: < 2.3.0-r2
- (no CPE)range: < 1.19.5-r5
- (no CPE)range: < 1.19.5-r5
- (no CPE)range: < 1.19.5-r5
- (no CPE)range: < 0.23.0-r2
- (no CPE)range: < 0.111.0-r4
- (no CPE)range: < 0.111.0-r4
- (no CPE)range: < 2.5.14-r2
- (no CPE)range: < 0.65.0-r2
- (no CPE)range: < 1.4.0-r1
- (no CPE)range: < 1.4.0-r1
- (no CPE)range: < 1.4.0-r1
- (no CPE)range: < 1.4.0-r1
- (no CPE)range: < 1.17.0-r2
- (no CPE)range: < 0.13.1-r10
- (no CPE)range: < 0.14.0-r2
- (no CPE)range: < 0.10.9-r1
- (no CPE)range: < 0.54.0-r3
- (no CPE)range: < 0.21.1-r5
- (no CPE)range: < 0.39.0-r9
- (no CPE)range: < 1.9.2-r2
- (no CPE)range: < 0.25.3-r4
- (no CPE)range: < 0.226.5-r1
- (no CPE)range: < 1.23.1-r2
- (no CPE)range: < 0.22.1-r3
- (no CPE)range: < 0.5.5-r2
- (no CPE)range: < 0.22.1-r3
- (no CPE)range: < 0.23.0-r2
- (no CPE)range: < 0.111.0-r4
- (no CPE)range: < 0.111.0-r4
- (no CPE)range: < 2.5.14-r2
- (no CPE)range: < 0.65.0-r2
- (no CPE)range: < 1.4.0-r1
- (no CPE)range: < 1.4.0-r1
- (no CPE)range: < 1.4.0-r1
- (no CPE)range: < 1.4.0-r1
- (no CPE)range: < 1.17.0-r2
- (no CPE)range: < 0.13.1-r10
- (no CPE)range: < 0.14.0-r2
- (no CPE)range: < 0.10.9-r1
- (no CPE)range: < 0.54.0-r3
- (no CPE)range: < 0.21.1-r5
- (no CPE)range: < 0.39.0-r9
- (no CPE)range: < 1.9.2-r2
- (no CPE)range: < 0.25.3-r4
- (no CPE)range: < 0.226.5-r1
- (no CPE)range: < 1.23.1-r2
- (no CPE)range: < 0.22.1-r3
- (no CPE)range: < 0.11.14
- (no CPE)range: < 0.10.11-1.1
- (no CPE)range: < 1.92.0-150300.7.6.1
- (no CPE)range: < 1.92.0-2.1
- (no CPE)range: < 1.93.0-150300.7.6.1
- (no CPE)range: < 1.93.0-3.1
- (no CPE)range: < 1.94.0-150300.7.6.1
- (no CPE)range: < 1.94.1-160000.1.1
- (no CPE)range: < 1.94.0-2.1
- (no CPE)range: < 1.94.0-150500.27.65.1
- (no CPE)range: < 0.7.18-160000.5.1
- (no CPE)range: < 0.7.18-160000.5.1
- (no CPE)range: < 1.92.0-150300.7.6.1
- (no CPE)range: < 1.93.0-150300.7.6.1
- (no CPE)range: < 1.94.0-150300.7.6.1
- (no CPE)range: < 1.94.0-150300.7.6.1
- (no CPE)range: < 1.94.0-150300.7.6.1
- (no CPE)range: < 1.94.0-150300.7.6.1
- (no CPE)range: < 1.94.0-150300.7.6.1
- (no CPE)range: < 1.94.0-150300.7.6.1
- (no CPE)range: < 1.94.0-150300.7.6.1
- (no CPE)range: < 1.94.0-150300.7.6.1
- (no CPE)range: < 1.94.0-150300.7.6.1
- (no CPE)range: < 1.94.0-150300.7.6.1
- (no CPE)range: < 1.94.0-150300.7.6.1
- (no CPE)range: < 1.94.0-150400.24.71.1
- (no CPE)range: < 1.94.0-150400.24.71.1
- (no CPE)range: < 1.94.0-150500.27.65.1
- (no CPE)range: < 1.94.0-150500.27.65.1
- (no CPE)range: < 1.94.0-150500.27.65.1
- (no CPE)range: < 1.94.0-150400.24.71.1
- (no CPE)range: < 1.94.0-150500.27.65.1
- (no CPE)range: < 1.94.0-150500.27.65.1
- (no CPE)range: < 1.94.0-150400.24.71.1
- (no CPE)range: < 1.94.0-150500.27.65.1
- (no CPE)range: < 1.94.0-150500.27.65.1
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.