Lucene search
K

12 matches found

OSV
OSV
added 2024/11/25 6:55 p.m.8 views

CVE-2024-52811 Acks not validated before logged to qlog leads to buffer overflow in ngtcp2

The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In ngtcp2conn::connrecvpkt for an ACK, there was new logic that got added to skip connrecvack if an ack has already been...

8.2CVSS8.1AI score0.00802EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/11/25 6:55 p.m.8 views

CVE-2024-52811 Acks not validated before logged to qlog leads to buffer overflow in ngtcp2

The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In ngtcp2conn::connrecvpkt for an ACK, there was new logic that got added to skip connrecvack if an ack has already been...

8.2CVSS7.3AI score0.00802EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2024/11/25 6:55 p.m.10 views

CVE-2024-52811

The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In ngtcp2conn::connrecvpkt for an ACK, there was new logic that got added to skip connrecvack if an ack has already been...

8.2CVSS7AI score0.00802EPSS
Exploits0
NVD
NVD
added 2024/10/11 3:15 p.m.12 views

CVE-2024-45396

Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit...

7.5CVSS0.00561EPSS
Exploits0References2
OSV
OSV
added 2024/10/11 2:36 p.m.8 views

CVE-2024-45396 Quicly assertion failures

Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit...

7.5CVSS6.8AI score0.00561EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/10/11 2:36 p.m.14 views

CVE-2024-45396 Quicly assertion failures

Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit...

7.5CVSS7AI score0.00561EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/11 2:36 p.m.25 views

CVE-2024-45396 Quicly assertion failures

Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit...

7.5CVSS0.00561EPSS
Exploits0References2
CVE
CVE
added 2024/10/11 2:36 p.m.49 views

CVE-2024-45396

Quicly (IETF QUIC implementation) is affected by CVE-2024-45396. The vulnerability allows a remote attacker to cause a denial-of-service by triggering an assertion failure that crashes the process. Affected versions are up to the commit tagged d720707; the issue is addressed in commit 2a958961049...

7.5CVSS7.5AI score0.00561EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/09/02 6:15 p.m.24 views

CVE-2024-45311

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to accept, retry, refuse, or ignore an Incoming connection. However, calling retry on an unvalidated connection exposes the server to a likely panic in th...

7.5CVSS0.00568EPSS
Exploits0References3
CVE
CVE
added 2024/09/02 4:45 p.m.293 views

CVE-2024-45311

The CVE describes a DoS vulnerability in Quinn’s quinn-proto (v0.11) where calling retry() on an unvalidated connection can cause a panic in certain code paths (e.g., when refute/ignore on the validated connection have a duplicate initial packet, or when decrypting/exhausting connection IDs fails...

7.5CVSS7.3AI score0.00568EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/02 4:45 p.m.18 views

CVE-2024-45311 Denial of service in quinn-proto when using `Endpoint::retry()`

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to accept, retry, refuse, or ignore an Incoming connection. However, calling retry on an unvalidated connection exposes the server to a likely panic in th...

7.5CVSS7AI score0.00568EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/10/25 12:0 a.m.46 views

Fedora: Security Advisory for mvfst (FEDORA-2023-17efd3f2cd)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.6AI score0.99999EPSS
Exploits19References4
Rows per page
Query Builder