CVE-2020-24944

Name of the Vulnerable Software and Affected Versions: picoquic versions prior to July 3, 2020

Description: The issue allows attackers to cause a denial of service, resulting in an infinite loop, via a crafted QUIC frame. This is related to the picoquic decode frames and picoquic decode stream frame functions when epoch equals 3.

Recommendations: For versions prior to July 3, 2020, consider updating to a version released after this date to resolve the issue. As a temporary workaround, consider restricting the handling of crafted QUIC frames to minimize the risk of exploitation.