CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
16.3%
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to accept()
, retry()
, refuse()
, or ignore()
an Incoming
connection. However, calling retry()
on an unvalidated connection exposes the server to a likely panic in the following situations: 1. Calling refuse
or ignore
on the resulting validated connection, if a duplicate initial packet is received. This issue can go undetected until a server’s refuse()
/ignore()
code path is exercised, such as to stop a denial of service attack. 2. Accepting when the initial packet for the resulting validated connection fails to decrypt or exhausts connection IDs, if a similar initial packet that successfully decrypts and doesn’t exhaust connection IDs is received. This issue can go undetected if clients are well-behaved. The former situation was observed in a real application, while the latter is only theoretical.
[
{
"vendor": "quinn-rs",
"product": "quinn",
"versions": [
{
"version": ">= 0.11.0, < 0.11.7",
"status": "affected"
}
]
}
]