CVE-2023-38171
HIGH7.5EPSS 8.3%Microsoft QUIC Denial of Service Vulnerability
Published: 10/10/2023Modified: 5/20/2025
Description
Microsoft QUIC Denial of Service Vulnerability
Affected packages (4)
- Bitnami/dotnet>= 7.0.0, < 7.0.12
- Bitnami/dotnet-sdk>= 7.0.0, < 7.0.12
- NuGet/Microsoft.Native.Quic.MsQuic.OpenSSLfrom 0, < 2.2.3
- NuGet/Microsoft.Native.Quic.MsQuic.Schannelfrom 0, < 2.2.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-38171
- PATCHhttps://github.com/microsoft/msquic
- WEBhttps://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343
- WEBhttps://github.com/microsoft/msquic/security/advisories/GHSA-xh5m-8qqp-c5x7
- WEBhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171