4 matches found
CVE-2024-45311
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to accept, retry, refuse, or ignore an Incoming connection. However, calling retry on an unvalidated connection exposes the server to a likely panic in th...
CVE-2024-45311 Denial of service in quinn-proto when using `Endpoint::retry()`
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to accept, retry, refuse, or ignore an Incoming connection. However, calling retry on an unvalidated connection exposes the server to a likely panic in th...
CVE-2024-45311
The CVE describes a DoS vulnerability in Quinn’s quinn-proto (v0.11) where calling retry() on an unvalidated connection can cause a panic in certain code paths (e.g., when refute/ignore on the validated connection have a duplicate initial packet, or when decrypting/exhausting connection IDs fails...
CVE-2024-45311 Denial of service in quinn-proto when using `Endpoint::retry()`
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to accept, retry, refuse, or ignore an Incoming connection. However, calling retry on an unvalidated connection exposes the server to a likely panic in th...