PT-2024-2630 · Cloudflare · Cloudflare Quiche

Marten Seeman

Published: 2024-03-12 · Updated: 2025-08-06 · CVE-2024-1765

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cloudflare Quiche versions 0.19.1 through 0.20.0

Description

The issue is an unlimited resource allocation vulnerability that causes a rapid increase in memory usage on the system running the quiche server or client. A remote attacker could exploit this by repeatedly sending an unlimited number of 1-RTT CRYPTO frames after completing the QUIC handshake. Exploitation was possible for the duration of the connection, which could be extended by the attacker.

Recommendations

Versions prior to 0.19.2 and 0.20.1 should be updated to version 0.19.2 or 0.20.1 to resolve the issue. As a temporary workaround, consider restricting the number of 1-RTT CRYPTO frames that can be sent after the QUIC handshake to minimize the risk of exploitation.
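
To check whether a Rust project pins an affected release, the version ranges stated above can be applied to its Cargo.lock. This is an added example, not code from the advisory or from Cloudflare; the lockfile text and all function names are constructed for illustration.

```rust
// Added example. SAMPLE_LOCK is constructed input, not a real project's lockfile.
const SAMPLE_LOCK: &str = r#"version = 3
[[package]]
name = "libc"
version = "0.2.153"
[[package]]
name = "quiche"
version = "0.20.0"
[[package]]
name = "quiche"
version = "0.19.2"
"#;

/// Parse "major.minor.patch"; pre-release and build suffixes are ignored.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut it = core.split('.').map(|p| p.parse::<u64>().ok());
    let v = (it.next()??, it.next()??, it.next()??);
    if it.next().is_some() { None } else { Some(v) }
}

/// Advisory ranges: affected 0.19.1 through 0.20.0, fixed in 0.19.2 and 0.20.1.
fn is_affected(v: (u64, u64, u64)) -> bool {
    matches!(v, (0, 19, 1) | (0, 20, 0))
}

/// Read `key = "value"` from one Cargo.lock line.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

/// Every quiche version pinned in the lockfile, paired with its verdict.
fn scan_lockfile(lock: &str) -> Vec<(String, bool)> {
    let mut name = "";
    let mut out = Vec::new();
    for line in lock.lines().map(str::trim) {
        if let Some(n) = field(line, "name") {
            name = n; // in Cargo.lock a package's name precedes its version
        } else if let (Some(v), "quiche") = (field(line, "version"), name) {
            out.push((v.to_string(), parse_version(v).map_or(false, is_affected)));
        }
    }
    out
}

fn main() {
    scan_lockfile(SAMPLE_LOCK).iter().for_each(|(v, hit)| println!("quiche {}: affected={}", v, hit));
}
```

A lockfile can pin more than one version of the same crate, so every quiche entry is reported rather than only the first.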

Weakness Enumeration

Resource Exhaustion
Allocation of Resources Without Limits

Related Identifiers

BDU:2024-02697
CVE-2024-1765
GHSA-78WX-JG4J-5J6G

Affected Products

Cloudflare Quiche