Lucene search
K
CloudflareQuiche

6 matches found

CVE
CVE
added 2025/08/07 3:19 p.m.80 views

CVE-2025-7054

The CVE-2025-7054 entry concerns Cloudflare’s quiche QUIC/TLS library, where an unauthenticated attacker can trigger an infinite loop by sending RETIRE_CONNECTION_ID frames. The issue arises from how retirement across paths can synchronize multiple active connection IDs, allowing a retirement fra...

8.7CVSS6.8AI score0.00385EPSS
CVE
CVE
added 2024/03/12 6:6 p.m.73 views

CVE-2024-1410

CVE-2024-1410 affects Cloudflare quiche, an open-source QUIC implementation. The issue is unbounded storage of information related to connection ID retirement, where an unauthenticated attacker can cause RETIRE_CONNECTION_ID frames to arrive faster than they can be retired, potentially overflowin...

5.3CVSS4.3AI score0.00662EPSS
CVE
CVE
added 2024/03/12 6:4 p.m.73 views

CVE-2024-1765

Cloudflare Quiche (up to 0.19.1/0.20.0) contains an unlimited resource allocation vulnerability where an attacker floods QUIC CRYPTO frames (1-RTT) after the QUIC handshake, causing rapid memory usage growth on the affected system. The issue affects both server and client implementations and coul...

7.5CVSS5.7AI score0.01175EPSS
CVE
CVE
added 2023/12/12 1:32 p.m.65 views

CVE-2023-6193

CVE-2023-6193 affects quiche versions 0.15.0–0.19.0, where an unauthenticated attacker can trigger unbounded queuing of path validation messages by sending PATH_CHALLENGE frames, causing excessive resource consumption as PATH_RESPONSE frames are delayed. The root cause is related to QUIC path val...

5.3CVSS5.3AI score0.00763EPSS
CVE
CVE
added 2025/06/18 3:47 p.m.28 views

CVE-2025-4821

CVE-2025-4821 affects Cloudflare’s quiche (QUIC) prior to 0.24.4. The issue is “Incorrect congestion window growth” caused by processing invalid ACK ranges. An unauthenticated remote attacker can complete a handshake, initiate a congestion-controlled transfer, and send ACK frames covering a large...

7.5CVSS7.8AI score0.00723EPSS
CVE
CVE
added 2025/06/18 3:45 p.m.23 views

CVE-2025-4820

CVE-2025-4020 (CVE-2025-4820) affects the Cloudflare quiche library. The issue is an incorrect congestion window growth caused by an opportunistic ACK attack (RFC 9000, §21.4) that can allow a victim to send more data in flight than the path supports. An unauthenticated remote attacker can comple...

5.3CVSS5.5AI score0.00673EPSS