CVE-2023-42805
HIGH7.5EPSS 0.25%Denial of service in Quinn servers
發布日:2023/9/21修改日:2024/2/10
描述
Receiving QUIC frames containing a frame with unknown frame type could lead to a panic. Unfortunately this is issue was not found by our fuzzing infrastructure. Thanks to the QUIC Tester research group for reporting this issue.
受影響套件(3)
- crates.io/quinn-protofrom 0, < 0.9.5
- crates.io/quinn-proto>= 0.0.0-0, < 0.9.5, >= 0.10.0-0, < 0.10.5
- Debian/rust-quinn-protofrom 0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
參考連結(9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-42805
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2023-42805
- PATCHhttps://crates.io/crates/quinn-proto
- PATCHhttps://github.com/quinn-rs/quinn
- WEBhttps://github.com/quinn-rs/quinn/pull/1667
- WEBhttps://github.com/quinn-rs/quinn/pull/1668
- WEBhttps://github.com/quinn-rs/quinn/pull/1669
- WEBhttps://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3
- WEBhttps://rustsec.org/advisories/RUSTSEC-2023-0063.html