Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incorrect congestion window growth by optimistic ACK
Vulnerability Description
Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim's congestion control state by sending ACK frames exercising an opportunistic ACK attack; see RFC 9000 Section 21.4. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support. Patches quiche 0.24.4 is the earliest version containing the fix for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
quiche 安全漏洞
Vulnerability Description
quiche是Cloudflare开源的一个 IETF 指定的 QUIC 传输协议和 HTTP/3 的实现。 quiche存在安全漏洞,该漏洞源于拥塞窗口增长不当,可能导致数据发送速率超过路径支持能力。
CVSS Information
N/A
Vulnerability Type
N/A