12 matches found
CVE-2024-52811 Acks not validated before logged to qlog leads to buffer overflow in ngtcp2
The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In ngtcp2conn::connrecvpkt for an ACK, there was new logic that got added to skip connrecvack if an ack has already been...
CVE-2024-52811 Acks not validated before logged to qlog leads to buffer overflow in ngtcp2
The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In ngtcp2conn::connrecvpkt for an ACK, there was new logic that got added to skip connrecvack if an ack has already been...
CVE-2024-52811
The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In ngtcp2conn::connrecvpkt for an ACK, there was new logic that got added to skip connrecvack if an ack has already been...
CVE-2024-45396
Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit...
CVE-2024-45396 Quicly assertion failures
Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit...
CVE-2024-45396 Quicly assertion failures
Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit...
CVE-2024-45396 Quicly assertion failures
Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit...
CVE-2024-45396
Quicly (IETF QUIC implementation) is affected by CVE-2024-45396. The vulnerability allows a remote attacker to cause a denial-of-service by triggering an assertion failure that crashes the process. Affected versions are up to the commit tagged d720707; the issue is addressed in commit 2a958961049...
CVE-2024-45311
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to accept, retry, refuse, or ignore an Incoming connection. However, calling retry on an unvalidated connection exposes the server to a likely panic in th...
CVE-2024-45311
The CVE describes a DoS vulnerability in Quinn’s quinn-proto (v0.11) where calling retry() on an unvalidated connection can cause a panic in certain code paths (e.g., when refute/ignore on the validated connection have a duplicate initial packet, or when decrypting/exhausting connection IDs fails...
CVE-2024-45311 Denial of service in quinn-proto when using `Endpoint::retry()`
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to accept, retry, refuse, or ignore an Incoming connection. However, calling retry on an unvalidated connection exposes the server to a likely panic in th...
Fedora: Security Advisory for mvfst (FEDORA-2023-17efd3f2cd)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...