CBL Mariner 2.0 Security Update: coredns (CVE-2023-49295)

The version of coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49295 advisory. - quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause...

SUSE CVE-2023-49295

quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...

quic-go: memory exhaustion attack against QUIC's path validation mechanism

A memory exhaustion vulnerability was found in Quic-GO, where a malicious client exploits the path validation mechanism to induce the server into accumulating an unbounded queue of PATHRESPONSE frames, depleting its memory. The attacker controls the victim's packet send rate by overwhelming the...

AZL-33285 CVE-2023-49295 affecting package coredns for versions less than 1.11.1-5

quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...

DEBIAN-CVE-2023-49295

quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...

AZL-34627 CVE-2023-49295 affecting package coredns for versions less than 1.11.1-2

quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...

Design/Logic Flaw

quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...

UBUNTU-CVE-2023-49295

quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...

PT-2024-13721

Name of the Vulnerable Software and Affected Versions quic-go versions prior to 0.37.7 quic-go versions prior to 0.38.2 quic-go versions prior to 0.39.4 Description An attacker can cause its peer to run out of memory by sending a large number of PATH CHALLENGE frames. The receiver is supposed to...

Quic-go Resource Management Error Vulnerability

quic-go is an implementation of the QUIC protocol, RFC 9000, in Go by Lucas Clemente, a private developer. A resource management error vulnerability exists in quic-go, which stems from a potential denial of service when subjected to too many PATHCHALLENGE frames...

quiche security breach

quiche is a Cloudflare open source implementation of the IETF-designated QUIC transport protocol and HTTP/3. A security vulnerability exists in quiche versions v0.15.0 through 0.19.0, which stems from a QUIC path authentication requirement that the recipient of a PATHCHALLENGE frame responds by...

PT-2023-32560 · Quiche · Quiche

Name of the Vulnerable Software and Affected Versions: quiche versions 0.15.0 through 0.19.0 Description: The issue is related to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation requires that the recipient of a PATH CHALLENGE...