PT-2022-20194 · Quic-Go+1
Published: 2022-07-06 · Updated: 2024-08-03 · CVE-2022-30591
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
quic-go versions through 0.27.0
Description
The issue allows remote attackers to cause a denial of service (CPU consumption) via a Slowloris variant in which incomplete QUIC or HTTP/3 requests are sent. This occurs because mtu_discoverer.go misparses the MTU Discovery service and consequently overflows the probe timer.
Recommendations
For quic-go versions through 0.27.0, consider disabling the mtu_discoverer.go service until a patch is available to prevent the denial-of-service attack.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Quic-Go