Denial Of Service (DoS)

2024-01-1106:59:11

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

quic-go

vulnerability

path_challenge

frames

memory

attacker

exploitation

software

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.2%

JSON

quic-go is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of a large number of PATH_CHALLENGE frames. This issue can be exploited by an attacker by sending a large number of PATH_CHALLENGE frames, resulting in its peer to run out of memory to cause Denial Of Service (DoS).

CPENameOperatorVersion
github.com/quic-go/quic-goeq 0.40.0
github.com/quic-go/quic-golev0.38.1
github.com/quic-go/quic-golev0.37.6
github.com/quic-go/quic-gole0.39.3
github.com/quic-go/quic-goeq 0.40.0
github.com/quic-go/quic-golev0.38.1
github.com/quic-go/quic-golev0.37.6
github.com/quic-go/quic-gole0.39.3

Name	Operator	Version
github.com/quic-go/quic-go	eq	0.40.0
github.com/quic-go/quic-go	le	v0.38.1
github.com/quic-go/quic-go	le	v0.37.6
github.com/quic-go/quic-go	le	0.39.3
github.com/quic-go/quic-go	eq	0.40.0
github.com/quic-go/quic-go	le	v0.38.1
github.com/quic-go/quic-go	le	v0.37.6
github.com/quic-go/quic-go	le	0.39.3