
21 matches found

Github Security Blog
added 2 days ago | 6 views

Netty: QUIC stateless reset token material exposed through header-visible connection IDs

Summary: Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the server's current source connection ID can be derived from bytes that appear as the connection ID in QUIC headers...

CVSS 4.8 | AI score 5.4 | EPSS 0.00204
Exploits 0 | References 4 | Affected Software 1

Tenable Nessus
added 2024/08/30 12:0 a.m. | 20 views

CBL Mariner 2.0 Security Update: coredns (CVE-2023-49295)

The version of coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-49295 advisory. - quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause...

CVSS 6.5 | AI score 6.4 | EPSS 0.01194
Exploits 0 | References 2

OSV
added 2024/03/13 3:38 p.m. | 12 views

GHSA-XHG9-XWCH-VR7X quiche vulnerable to unbounded storage of information related to connection ID retirement

Impact: Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers (IDs); see RFC 9000 Section 5.1. Endpoints declare the...

CVSS 3.7 | AI score 4.3 | EPSS 0.00662
Exploits 0 | References 9

Github Security Blog
added 2024/03/13 3:38 p.m. | 25 views

quiche vulnerable to unbounded storage of information related to connection ID retirement

Impact: Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers (IDs); see RFC 9000 Section 5.1. Endpoints declare the...

CVSS 5.3 | AI score 7.3 | EPSS 0.00662
Exploits 0 | References 9 | Affected Software 1

NVD
added 2024/03/12 6:15 p.m. | 9 views

CVE-2024-1410

Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers (IDs); see RFC 9000 Section 5.1...

CVSS 5.3 | AI score 4.4 | EPSS 0.00662
Exploits 0 | References 1

Prion
added 2024/03/12 6:15 p.m. | 12 views

Design/Logic Flaw

Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers (IDs); see RFC 9000 Section 5.1...

CVSS 2.6 | AI score 7.3 | EPSS 0.00662
Exploits 0 | References 1

CVE
added 2024/03/12 6:6 p.m. | 68 views

CVE-2024-1410

CVE-2024-1410 affects Cloudflare quiche, an open-source QUIC implementation. The issue is unbounded storage of information related to connection ID retirement, where an unauthenticated attacker can cause RETIRE_CONNECTION_ID frames to arrive faster than they can be retired, potentially overflowin...

CVSS 5.3 | AI score 4.3 | EPSS 0.00662
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2024/03/12 6:6 p.m. | 12 views

CVE-2024-1410 Unbounded storage of information related to connection ID retirement, in quiche

Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers (IDs); see RFC 9000 Section 5.1...

CVSS 3.7 | AI score 4.8 | EPSS 0.00662
Exploits 0 | References 1

NVD
added 2024/02/21 12:15 a.m. | 10 views

CVE-2023-50923

In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The "Sheridan, S., Keane, A. 2015...

CVSS 4.3 | AI score 6.6 | EPSS 0.00274
Exploits 0 | References 3

Prion
added 2024/02/21 12:15 a.m. | 29 views

Code injection

In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The "Sheridan, S., Keane, A. 2015...

AI score 7.2 | EPSS 0.00274
Exploits 0 | References 3

CVE
added 2024/02/20 12:0 a.m. | 96 views

CVE-2023-50923

Technical details (affected products/versions, root cause, mitigation) are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories for concrete information.

CVSS 4.3 | AI score 6.8 | EPSS 0.00274
Exploits 0 | References 3

Vulnrichment
added 2024/02/20 12:0 a.m. | 11 views

CVE-2023-50923

In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The "Sheridan, S., Keane, A. 2015...

AI score 7 | EPSS 0.00274
Exploits 0 | References 3

Cvelist
added 2024/02/20 12:0 a.m. | 11 views

CVE-2023-50923

In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The "Sheridan, S., Keane, A. 2015...

AI score 6.9 | EPSS 0.00274
Exploits 0 | References 3

CVE
added 2024/01/10 9:40 p.m. | 362 views

CVE-2023-49295

CVE-2023-49295 affects quic-go, an implementation of QUIC in Go. The issue allows an attacker to cause a peer to exhaust memory by sending many PATH_CHALLENGE frames; the receiver should reply with PATH_RESPONSEs, but an attacker can suppress most responses by manipulating the peer’s congestion w...

CVSS 6.5 | AI score 6.1 | EPSS 0.01194
Exploits 0 | References 11 | Affected Software 1

Debian CVE
added 2024/01/10 9:40 p.m. | 25 views

CVE-2023-49295

quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can...

CVSS 6.5 | AI score 6.3 | EPSS 0.01194
Exploits 0

OSV
added 2023/12/13 1:34 p.m. | 15 views

GHSA-W3VP-JW9M-F9PM Unbounded queuing of path validation messages in cloudflare-quiche

Impact: quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a...

CVSS 5.3 | AI score 5.3 | EPSS 0.00763
Exploits 0 | References 5

Github Security Blog
added 2023/12/13 1:34 p.m. | 17 views

Unbounded queuing of path validation messages in cloudflare-quiche

Impact: quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a...

CVSS 5.3 | AI score 7.2 | EPSS 0.00763
Exploits 0 | References 5 | Affected Software 1

NVD
added 2023/12/12 2:15 p.m. | 12 views

CVE-2023-6193

quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. ...

CVSS 5.3 | EPSS 0.00763
Exploits 0 | References 2

OSV
added 2023/12/12 2:15 p.m. | 22 views

CVE-2023-6193

quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. ...

CVSS 5.3 | AI score 7.2
Exploits 0 | References 2

Prion
added 2023/12/12 2:15 p.m. | 18 views

Input validation

quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. ...

CVSS 5 | AI score 7.5 | EPSS 0.00763
Exploits 0 | References 2 | Affected Software 1