Unlimited Resource Allocation Vulnerability Affects Cloudflare Quiche
CVE-2024-1765

5.9MEDIUM

Key Information:

Vendor: Cloudflare
Status: Quiche
Vendor: CVE Published:; 12 March 2024

What is CVE-2024-1765?

Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited number of 1-RTT CRYPTO frames after previously completing the QUIC handshake. Exploitation was possible for the duration of the connection which could be extended by the attacker. quiche 0.19.2 and 0.20.1 are the earliest versions containing the fix for this issue.

Affected Version(s)

quiche Rust 0.15.0

quiche Rust 0.20.0

References

https://github.com/cloudflare/quiche/security/advisories/...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Feb 22, 2024

Credit

Marten Seeman (@marten-seemann)