
13 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-0394

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.4 | EPSS 0.01767
Exploits: 0 | References: 16
Tenable Nessus
added 2025/03/05 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2023-49295

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number...

CVSS 6.5 | AI score 6.5 | EPSS 0.01767
Exploits: 0 | References: 3
Tenable Nessus
added 2025/02/10 12:0 a.m. | 7 views

Azure Linux 3.0 Security Update: coredns (CVE-2023-49295)

The version of coredns installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49295 advisory. - quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause...

CVSS 6.5 | AI score 6.4 | EPSS 0.01767
Exploits: 0 | References: 2
Tenable Nessus
added 2024/02/21 12:0 a.m. | 22 views

Fedora 39 : syncthing (2024-c46536abe6)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c46536abe6 advisory. Update to version 1.27.3. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.27.3 This update also addresses CVE-2023-49295 in quic-go:...

CVSS 6.5 | AI score 6.5 | EPSS 0.01767
Exploits: 0 | References: 2
Tenable Nessus
added 2024/02/21 12:0 a.m. | 22 views

Fedora 38 : syncthing (2024-b93312a597)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b93312a597 advisory. Update to version 1.27.3. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.27.3 This update also addresses CVE-2023-49295 in quic-go:...

CVSS 6.5 | AI score 6.5 | EPSS 0.01767
Exploits: 0 | References: 2
Veracode
added 2024/01/11 6:59 a.m. | 12 views

Denial Of Service (DoS)

quic-go is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of a large number of PATH_CHALLENGE frames. This issue can be exploited by an attacker by sending a large number of PATH_CHALLENGE frames, resulting in its peer to run out of memory to cause Denial Of...

CVSS 6.5 | AI score 6.7 | EPSS 0.01767
Exploits: 0 | References: 12 | Affected Software: 1
NVD
added 2024/01/10 10:15 p.m. | 17 views

CVE-2023-49295

quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can...

CVSS 6.5 | AI score 6.2 | EPSS 0.01767
Exploits: 0 | References: 11
UbuntuCve
added 2024/01/10 10:15 p.m. | 21 views

CVE-2023-49295

quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can...

CVSS 6.5 | AI score 6.5 | EPSS 0.01767
Exploits: 0 | References: 10
Debian CVE
added 2024/01/10 9:40 p.m. | 24 views

CVE-2023-49295

quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can...

CVSS 6.5 | AI score 6.3 | EPSS 0.01767
Exploits: 0
CVE
added 2024/01/10 9:40 p.m. | 355 views

CVE-2023-49295

CVE-2023-49295 affects quic-go, an implementation of QUIC in Go. The issue allows an attacker to cause a peer to exhaust memory by sending many PATH_CHALLENGE frames; the receiver should reply with PATH_RESPONSEs, but an attacker can suppress most responses by manipulating the peer’s congestion w...

CVSS 6.5 | AI score 6.1 | EPSS 0.01767
Exploits: 0 | References: 11 | Affected Software: 1
OSV
added 2023/12/12 2:15 p.m. | 17 views

CVE-2023-6193

quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. ...

CVSS 5.3 | AI score 7.2
Exploits: 0 | References: 2
NVD
added 2023/12/12 2:15 p.m. | 11 views

CVE-2023-6193

quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. ...

CVSS 5.3 | EPSS 0.00423
Exploits: 0 | References: 2
Prion
added 2023/12/12 2:15 p.m. | 11 views

Input validation

quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. ...

CVSS 5 | AI score 7.5 | EPSS 0.00423
Exploits: 0 | References: 2 | Affected Software: 1