CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
As of quinn-proto 0.11, it is possible for a server to accept()
, retry()
, refuse()
, or ignore()
an Incoming
connection. However, calling retry()
on an unvalidated connection exposes the server to a likely panic in the following situations:
refuse
or ignore
on the resulting validated connection, if a duplicate initial packet is received
refuse()
/ignore()
code path is exercised, such as to stop a denial of service attack.The former situation was observed in a real application, while the latter is only theoretical.
Location of panic: https://github.com/quinn-rs/quinn/blob/bb02a12a8435a7732a1d762783eeacbb7e50418e/quinn-proto/src/endpoint.rs#L213
Denial of service for internet-facing server
Vendor | Product | Version | CPE |
---|---|---|---|
quinn_project | quinn | * | cpe:2.3:a:quinn_project:quinn:*:*:*:*:*:rust:*:* |
github.com/advisories/GHSA-vr26-jcq5-fjj8
github.com/quinn-rs/quinn
github.com/quinn-rs/quinn/blob/bb02a12a8435a7732a1d762783eeacbb7e50418e/quinn-proto/src/endpoint.rs#L213
github.com/quinn-rs/quinn/commit/e01609ccd8738bd438d86fa7185a0f85598cb58f
github.com/quinn-rs/quinn/security/advisories/GHSA-vr26-jcq5-fjj8
nvd.nist.gov/vuln/detail/CVE-2024-45311
rustsec.org/advisories/RUSTSEC-2024-0373.html