Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Quinn affected by unauthenticated remote DoS via panic in QUIC transport parameter parsing
Vulnerability Description
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication. This vulnerability is fixed in 0.11.14.
CVSS Information
N/A
Vulnerability Type
未捕获的异常
Vulnerability Title
Quinn 安全漏洞
Vulnerability Description
Quinn是quinn-rs开源的一个 IETF QUIC 传输协议的纯 Rust、异步兼容实现。 Quinn 0.11.14之前版本存在安全漏洞,该漏洞源于解析特制QUIC初始数据包时解码受攻击者控制的varints可能导致恐慌,可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A