Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
webtransport-go CloseWithError can block indefinitely
Vulnerability Description
webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream, blocking transmission of the WT_CLOSE_SESSION capsule and causing the close operation to hang. This vulnerability is fixed in v0.10.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
webtransport-go 资源管理错误漏洞
Vulnerability Description
webtransport-go是quic-go开源的一个Go语言库。 webtransport-go 0.10.0之前版本存在资源管理错误漏洞,该漏洞源于恶意对等方可能阻止或无限期延迟会话关闭,可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A