CVE-2023-42805
HIGH7.5EPSS 0.25%Denial of service in Quinn servers
Published: 9/21/2023Modified: 2/10/2024
Description
Receiving QUIC frames containing a frame with unknown frame type could lead to a panic. Unfortunately this is issue was not found by our fuzzing infrastructure. Thanks to the QUIC Tester research group for reporting this issue.
Affected packages (3)
- crates.io/quinn-protofrom 0, < 0.9.5
- crates.io/quinn-proto>= 0.0.0-0, < 0.9.5, >= 0.10.0-0, < 0.10.5
- Debian/rust-quinn-protofrom 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-42805
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2023-42805
- PATCHhttps://crates.io/crates/quinn-proto
- PATCHhttps://github.com/quinn-rs/quinn
- WEBhttps://github.com/quinn-rs/quinn/pull/1667
- WEBhttps://github.com/quinn-rs/quinn/pull/1668
- WEBhttps://github.com/quinn-rs/quinn/pull/1669
- WEBhttps://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3
- WEBhttps://rustsec.org/advisories/RUSTSEC-2023-0063.html