13 matches found
EUVD-2024-3494
Malicious code in bioql PyPI...
quic-go affected by an ICMP Packet Too Large Injection Attack on Linux
...
Insufficient Verification Of Data Authenticity
quic-go is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to improper handling of ICMP "Packet Too Large" messages, allowing an off-path attacker to inject such packets and disrupt QUIC connections by setting the MTU to a value below the minimum threshold o...
quic-go: quic-go affected by an ICMP Packet Too Large Injection Attack on Linux
A vulnerability was found in Quic-Go where an attacker can inject malicious data into network packets, potentially allowing them to cause harm. The issue arises from a configuration option used by some affected versions of the code that sends out information about packet size limitations. As a...
quic-go affected by an ICMP Packet Too Large Injection Attack on Linux
Impact An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceeds the MTU claimed in that ICMP packet. By setting...
DEBIAN-CVE-2024-53259
quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...
AZL-53807 CVE-2024-53259 affecting package coredns for versions less than 1.11.1-16
quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...
AZL-53818 CVE-2024-53259 affecting package coredns for versions less than 1.11.4-1
quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...
UBUNTU-CVE-2024-53259
quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...
CVE-2024-53259
CVE-2024-53259 affects the quic-go QUIC implementation. An off-path attacker can inject an ICMP Packet Too Large when IP_PMTUDISC_DO is used, causing the kernel to return a “message too large” error on sendmsg if a QUIC packet exceeds the MTU claimed in the ICMP message. This can disrupt a QUIC c...
CVE-2024-53259 quic-go affected by an ICMP Packet Too Large Injection Attack on Linux
quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...
quic-go 数据伪造问题漏洞
quic-go is an implementation of the QUIC protocol, RFC 9000 protocol in Go by Lucas Clemente, a personal developer. A data forgery issue vulnerability exists in versions of quic-go prior to v0.48.1, which stems from the mishandling of ICMP Packet Too Large messages, and could allow an out-of-path...
PT-2024-9120 · Quic-Go +1 · Quic-Go +1
Name of the Vulnerable Software and Affected Versions: quic-go versions prior to 0.48.2 Description: An off-path attacker can inject an ICMP Packet Too Large packet, disrupting a QUIC connection by setting the MTU value to smaller than 1200 bytes. This can be done after the handshake completion,...