13 matches found
Integer Underflow (Wrap or Wraparound)
Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the ACK frame decoding. An attacker can gain elevated privileges by sending specially crafted network packets that trigger an integer underflow during frame parsing. Remediation Upgrade...
Integer Underflow (Wrap or Wraparound)
Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the ACK frame decoding. An attacker can gain elevated privileges by sending specially crafted network packets that trigger an integer underflow during frame parsing. Remediation Upgrade...
MsQuic has a Remote Elevation of Privilege Vulnerability
Summary Improper input validation in Microsoft QUIC allows an unauthorized attacker to elevate privileges over a network. Details Improper Input Validation Integer Underflow Wrap or Wraparound when decoding ACK frame. Patches - Fix underflow in ACK frame parsing - 1e6e999b Impact An attacker who...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via MsQuic.dll, allowing a peer to allocate small chunks of memory as long as a connection stays alive. Note: This issue only affects Windows systems. Details Denial of Service DoS describes a family of attacks, al...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via MsQuic.dll, allowing a peer to allocate small chunks of memory as long as a connection stays alive. Note: This issue only affects Windows systems. Details Denial of Service DoS describes a family of attacks, al...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via MsQuic.dll, allowing a peer to allocate small chunks of memory as long as a connection stays alive. Note: This issue only affects Windows systems. Details Denial of Service DoS describes a family of attacks, al...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via MsQuic.dll, allowing a peer to allocate small chunks of memory as long as a connection stays alive. Note: This issue only affects Windows systems. Details Denial of Service DoS describes a family of attacks, al...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS via MsQuic.dll, allowing a peer to allocate small chunks of memory as long as a connection stays alive. Note: This issue only affects Windows systems. Details Denial of Service DoS describes a family of attacks, al...
GHSA-FR44-546P-7XCP MsQuic Remote Denial of Service Vulnerability
Impact The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service. Patches The following patch was made: - Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/d364feeda0dd8b729eca6fef149c1ef98630f0cb Workarounds...
MsQuic Remote Denial of Service Vulnerability
Impact The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service. Patches The following patch was made: - Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/d364feeda0dd8b729eca6fef149c1ef98630f0cb Workarounds...
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel
Impact The MsQuic server application or process will crash, resulting in a denial of service. Patches The following patch was made: - Don't Allow Version Negotiation Packets for Server Connections - https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343 Workarounds...
GHSA-XH5M-8QQP-C5X7 Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel
Impact The MsQuic server application or process will crash, resulting in a denial of service. Patches The following patch was made: - Don't Allow Version Negotiation Packets for Server Connections - https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343 Workarounds...
PT-2023-5942 · Microsoft +1 · Quic +2
Name of the Vulnerable Software and Affected Versions: Microsoft QUIC affected versions not specified Description: The issue is related to insufficient input validation in the implementation of the QUIC network protocol in the Windows operating system. This can be exploited by a remote attacker t...