Lucene search
+L

5 matches found

RedHat Linux
RedHat Linux
added 2024/10/28 1:27 p.m.4 views

quic-go: memory exhaustion attack against QUIC's connection ID mechanism

A flaw was found in quic-go. This issue may allow an attacker to trigger a denial of service by sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a RETIRECONNECTIONID frame, but the attacker can preve...

7.5CVSS5.8AI score0.011EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2024/04/09 2:30 a.m.4 views

SUSE CVE-2024-22189

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...

7.5CVSS9.2AI score0.011EPSS
Exploits0References6
OSV
OSV
added 2024/04/04 3:15 p.m.2 views

DEBIAN-CVE-2024-22189

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of NEWCONNECTIONID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...

7.5CVSS7.7AI score0.011EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.4 views

PT-2024-2968

Name of the Vulnerable Software and Affected Versions quic-go versions prior to 0.42.0 Description The issue is related to the QUIC protocol implementation in quic-go, where an attacker can cause its peer to run out of memory by sending a large number of NEW CONNECTION ID frames that retire old...

7.8CVSS7.1AI score0.011EPSS
Exploits0References48
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.8 views

PT-2024-18020 · Quiche · Quiche

Name of the Vulnerable Software and Affected Versions: Quiche versions prior to 0.19.2 Quiche versions prior to 0.20.1 Description: The issue is related to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connectio...

5.3CVSS6.7AI score0.00662EPSS
Exploits0References15
Rows per page
Query Builder