quinn-proto Denial of Service vulnerability
CVE-2023-42805

7.5HIGH

Key Information:

Vendor

Quinn-rs

Status
Quinn
Vendor
CVE Published:
21 September 2023

What is CVE-2023-42805?

The quinn-proto, a state machine implementing the QUIC transport protocol, is susceptible to a vulnerability where receiving unknown QUIC frames can lead to a system panic. This issue affects versions prior to 0.9.5 and 0.10.5. Users are encouraged to upgrade to these versions to ensure system stability and security. The vulnerability was identified and addressed in recent maintenance releases, following multiple pulls to enhance the protocol's robustness.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

quinn < 0.9.5 < 0.9.5

quinn >= 0.10.0, < 0.10.5 < 0.10.0, 0.10.5

References

https://github.com/quinn-rs/quinn/security/advisories/GHS...
x_refsource_CONFIRM
https://github.com/quinn-rs/quinn/pull/1667
x_refsource_MISC
https://github.com/quinn-rs/quinn/pull/1668
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.