漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche
Vulnerability Description
Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited number of 1-RTT CRYPTO frames after previously completing the QUIC handshake. Exploitation was possible for the duration of the connection which could be extended by the attacker. quiche 0.19.2 and 0.20.1 are the earliest versions containing the fix for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Cloudflare quiche 安全漏洞
Vulnerability Description
quiche是Cloudflare开源的一个 IETF 指定的 QUIC 传输协议和 HTTP/3 的实现。 Cloudflare quiche 0.19.1之前、0.20.0版本存在安全漏洞,该漏洞源于QUIC CRYPTO 帧在quiche中泛滥,导致运行 quiche 服务器或客户端的系统内存使用量快速增加。
CVSS Information
N/A
Vulnerability Type
N/A