PT-2024-31563 · Unknown · Quinn-Proto
Finnbear · Published 2024-09-02 · Updated 2024-09-25 · CVE-2024-45311
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
quinn-proto version 0.11
Description
The issue arises when a server calls retry() on an unvalidated connection, exposing it to a likely panic in two situations:
- When refuse or ignore is called on the resulting validated connection and a duplicate initial packet is received.
- When accepting a connection and the initial packet for the resulting validated connection fails to decrypt or exhausts connection IDs, but a similar initial packet that successfully decrypts and doesn't exhaust connection IDs is received.
The former situation has been observed in a real application, while the latter is theoretical. This can lead to a denial of service for internet-facing servers.
Recommendations
For quinn-proto version 0.11, consider disabling the retry() function on unvalidated connections until a patch is available.
As a temporary workaround, restrict the use of refuse() and ignore() on validated connections that have been retried to minimize the risk of panic.
Avoid accepting connections when the initial packet fails to decrypt or exhausts connection IDs, if possible, until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Quinn-Proto