GoogleOSV:RUSTSEC-2024-0373`Endpoint::retry()` calls can lead to panicking
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
In 0.11.0, we overhauled the server-side Endpoint implementation to enable
more careful handling of incoming connection attempts. However, some of the
code paths that cleaned up state after connection attempts were processed
confused the initial destination connection ID with the destination connection
ID of a substantial package. This resulted in the internal Endpoint state
becoming inconsistent, which could then lead to a panic.
https://github.com/quinn-rs/quinn/commit/e01609ccd8738bd438d86fa7185a0f85598cb58f
Thanks to @finbear for reporting and investingating,
and to @BiagoFesta for coordinating.
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low