Louisna

**Name of the Vulnerable Software and Affected Versions** quiche versions prior to 0.24.4 **Description** The issue is related to incorrect congestion window growth, which could cause quiche to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit this by completing a handshake, initiating a congestion-controlled data transfer, and then manipulating the victim's congestion control state by sending ACK frames, exercising an opportunistic ACK attack as described in RFC 9000 Section 21.4. This could allow the victim to grow the congestion window beyond typical expectations and have more bytes in flight than the path might really support. **Recommendations** For versions prior to 0.24.4, update to quiche version 0.24.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the congestion control feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** quiche versions prior to 0.24.4 **Description** The issue is related to incorrect congestion window growth, which could cause quiche to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit this by completing a handshake, initiating a congestion-controlled data transfer, and manipulating the victim's congestion control state by sending ACK frames covering a large range of packet numbers, as described in RFC 9000 Section 19.3. This could lead to the congestion window growing beyond typical expectations, allowing more bytes in flight than the path might really support, and potentially causing an overflow panic. **Recommendations** For versions prior to 0.24.4, update to quiche version 0.24.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of congestion-controlled data transfers to minimize the risk of exploitation. Avoid using the `ACK` frames to manipulate the congestion control state until the issue is resolved.