19 matches found
Fedora 43 : bpfman (2026-2fef29d32a)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2fef29d32a advisory. Fix CVE-2026-31812: Bump quinn-proto to 0.11.14 - Closes rhbz2446359 Tenable has extracted the preceding description block directly from the Fedora security...
agnostic (>=0.2.5 <=0.2.6), async-streamdata (>=0.5.0 <=0.5.1) +65 more potentially affected by CVE-2026-31812 via quinn-proto (=0.10.6)
quinn-proto CARGO version =0.10.6 is affected by a known vulnerability. The following packages have a transitive dependency on quinn-proto and may be impacted: - agnostic =0.2.5, =0.5.0, =0.11.20, =0.10.6, =0.1.0, =0.2.7, =0.6.0, =0.4.0, =0.5.0 - durianmacros =0.4.1 - durianprocmacros =0.2.1 -...
Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsing
Summary A remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quictransportparameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap, so...
Fedora 45 : bpfman (2026-0523662d59)
The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0523662d59 advisory. Automatic update for bpfman-0.5.4-6.fc45. Changelog Wed Mar 11 2026 Daniel Mellado - 0.5.4-6 - Fix CVE-2026-31812: Bump quinn-proto to 0.11.14 - Closes...
CVE-2023-42805
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...
Denial of service in quinn-proto when using `Endpoint::retry()`
Summary As of quinn-proto 0.11, it is possible for a server to accept, retry, refuse, or ignore an Incoming connection. However, calling retry on an unvalidated connection exposes the server to a likely panic in the following situations: - Calling refuse or ignore on the resulting validated...
GHSA-VR26-JCQ5-FJJ8 Denial of service in quinn-proto when using `Endpoint::retry()`
Summary As of quinn-proto 0.11, it is possible for a server to accept, retry, refuse, or ignore an Incoming connection. However, calling retry on an unvalidated connection exposes the server to a likely panic in the following situations: - Calling refuse or ignore on the resulting validated...
CVE-2024-45311 Denial of service in quinn-proto when using `Endpoint::retry()`
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to accept, retry, refuse, or ignore an Incoming connection. However, calling retry on an unvalidated connection exposes the server to a likely panic in th...
CVE-2024-45311 Denial of service in quinn-proto when using `Endpoint::retry()`
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to accept, retry, refuse, or ignore an Incoming connection. However, calling retry on an unvalidated connection exposes the server to a likely panic in th...
PT-2024-31563 · Unknown · Quinn-Proto
Name of the Vulnerable Software and Affected Versions: quinn-proto version 0.11 Description: The issue arises when a server calls retry on an unvalidated connection, exposing it to a likely panic in two situations: 1. When refuse or ignore is called on the resulting validated connection and a...
DEBIAN-CVE-2023-42805
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...
CVE-2023-42805
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...
UBUNTU-CVE-2023-42805
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...
CVE-2023-42805
CVE-2023-42805 affects the QUIC state machine implementation in quinn-proto . The issue arises when a QUIC packet contains unknown frames, which could cause a panic in versions prior to maintenance releases. The vulnerability is addressed by fixes in 0.9.5 and 0.10.5 maintenance releases. There i...
CVE-2023-42805 quinn-proto Denial of Service vulnerability
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...
CVE-2023-42805 quinn-proto Denial of Service vulnerability
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...
CVE-2023-42805 quinn-proto Denial of Service vulnerability
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...
CVE-2023-42805
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases...
PT-2023-28591 · Unknown +1 · Quinn-Proto +1
Name of the Vulnerable Software and Affected Versions: quinn-proto versions prior to 0.9.5 quinn-proto versions prior to 0.10.5 Description: Receiving unknown QUIC frames in a QUIC packet could result in a panic. The issue was reported by the QUIC Tester research group and was not found by the...