PT-2024-2257 · Microsoft+1 · Windows+1

Published

2024-03-12

Updated

2025-09-04

CVE-2024-26190

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Windows versions prior to the fixed version

Description The issue is related to the implementation of the QUIC network protocol in Windows operating systems, specifically due to insufficient input validation. This can be exploited by a remote attacker to cause a denial of service using specially crafted data. The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service.

Recommendations For Windows versions prior to the fixed version, upgrade to the patched version to fix the memory leak issue. As a temporary workaround, consider restricting access to the MsQuic server to minimize the risk of exploitation. Beyond upgrading to the patched versions, there are no other workarounds available.

Fix

DoS

Memory Leak

RCE

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401CWE-20CWE-400

Related Identifiers

ALT-PU-2024-13115

ALT-PU-2024-13117

ALT-PU-2024-13118

ALT-PU-2024-16796

ALT-PU-2024-16799

ALT-PU-2024-16939

ALT-PU-2024-5924

ALT-PU-2024-5998

ALT-PU-2024-6034

BDU:2024-02190

BIT-DOTNET-2024-26190

BIT-DOTNET-SDK-2024-26190

BIT-POWERSHELL-2024-26190

CVE-2024-26190

GHSA-2X7M-GF85-3745

Affected Products

Alt Linux

Windows

PT-2024-2257 · Microsoft+1 · Windows+1

CVE-2024-26190

Weakness Enumeration

Related Identifiers

Affected Products

References · 17