QUIC Protocol Implementation Vulnerable to Denial-of-Service Attack
CVE-2024-45396

7.5HIGH

Key Information:

Vendor: H2o
Status: Quicly
Vendor: CVE Published:; 11 October 2024

What is CVE-2024-45396?

Quicly, an IETF QUIC protocol implementation developed by H2O, exhibits a vulnerability that is susceptible to denial-of-service attacks. Hackers can exploit this flaw to trigger assert failures, resulting in crashes for processes utilizing Quicly. This renders the service temporarily inoperable, impacting users and clients relying on its functionality. The issue has been addressed in the code with commit 2a95896104901589c495bc41460262e64ffcad5c, which rectifies the underlying causes of the vulnerability.

Affected Version(s)

quicly < 2a95896104901589c495bc41460262e64ffcad5c

References

https://github.com/h2o/quicly/security/advisories/GHSA-mp...

x_refsource_CONFIRM

https://github.com/h2o/quicly/commit/2a95896104901589c495...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Aug 28, 2024

H2o

What is CVE-2024-45396?

Affected Version(s)

References

CVSS V3.1

Timeline