6 matches found
Fedora 39 : syncthing (2024-c46536abe6)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c46536abe6 advisory. Update to version 1.27.3. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.27.3 This update also addresses CVE-2023-49295 in quic-go:...
Fedora 38 : syncthing (2024-b93312a597)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b93312a597 advisory. Update to version 1.27.3. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.27.3 This update also addresses CVE-2023-49295 in quic-go:...
CVE-2023-49295
quic-go is an implementation of the QUIC protocol RFC 9000, RFC 9001, RFC 9002 in Go. An attacker can cause its peer to run out of memory sending a large number of PATHCHALLENGE frames. The receiver is supposed to respond to each PATHCHALLENGE frame with a PATHRESPONSE frame. The attacker can...
CVE-2023-6193
quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation RFC 9000 Section 8.2 requires that the recipient of a PATHCHALLENGE frame responds by sending a PATHRESPONSE. ...
CVE-2023-6193
quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation RFC 9000 Section 8.2 requires that the recipient of a PATHCHALLENGE frame responds by sending a PATHRESPONSE. ...
Input validation
quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation RFC 9000 Section 8.2 requires that the recipient of a PATHCHALLENGE frame responds by sending a PATHRESPONSE. ...