PT-2025-26172 · Quiche · Quiche

Louisna · Published 2025-06-18 · Updated 2025-08-06 · CVE-2025-4820

CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: quiche versions prior to 0.24.4

Description: The issue is incorrect congestion window growth, which can make quiche send data faster than the network path actually supports. An unauthenticated remote attacker can exploit it by completing a handshake, initiating a congestion-controlled data transfer toward itself, and then manipulating the victim's congestion control state with ACK frames, i.e. the opportunistic ACK attack described in RFC 9000 Section 21.4, in which the receiver acknowledges packets it has not actually received. The victim's congestion window then grows beyond what the path can justify, and the victim keeps more bytes in flight than the path can carry. The impact is availability only (A:L): a sender pushed past path capacity inflicts loss on its own transfer and on other traffic sharing the bottleneck; confidentiality and integrity are not affected.

Recommendations: Update to quiche 0.24.4 or later. There is no configuration workaround: congestion control is a mandatory part of QUIC loss recovery (RFC 9002) and cannot be disabled in a conforming endpoint, so updating is the fix.
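The following toy model, added here for illustration and not taken from quiche or from the advisory, shows why an opportunistic ACK inflates the congestion window and how the RFC 9000 Section 21.4 mitigation (skipping packet numbers and treating an ACK of a skipped or unsent number as a PROTOCOL_VIOLATION) detects it. The sender is a bare slow-start controller that grows cwnd by every byte acknowledged; the attacker receives only the last packet of each burst but acknowledges the whole contiguous range. MSS, the initial window, the fixed skip period and the attacker model are all assumptions of this example; the specific change made in quiche 0.24.4 is not described on this page and is not what the code claims to reproduce.

```rust
use std::collections::{BTreeMap, BTreeSet};

// Toy model of a QUIC sender's slow-start congestion controller.
// Constructed for illustration; it is not quiche's recovery code.
pub const MSS: usize = 1200;           // assumed max datagram payload
pub const INITIAL_CWND: usize = 10 * MSS;
const SKIP_EVERY: u64 = 8;             // hypothetical fixed skip period; a real stack randomizes it

#[derive(Debug, PartialEq)]
pub enum AckError {
    /// ACK of a packet number that was never sent (RFC 9000 Section 13.1: PROTOCOL_VIOLATION).
    ProtocolViolation(u64),
}

pub struct Sender {
    pub cwnd: usize,
    pub bytes_in_flight: usize,
    next_pn: u64,
    unacked: BTreeMap<u64, usize>, // packet number -> size, sent and not yet acked
    skipped: BTreeSet<u64>,        // packet numbers deliberately never used
    mitigate: bool,                // skip packet numbers and validate ACK ranges
}

impl Sender {
    pub fn new(mitigate: bool) -> Self {
        Sender {
            cwnd: INITIAL_CWND,
            bytes_in_flight: 0,
            next_pn: 0,
            unacked: BTreeMap::new(),
            skipped: BTreeSet::new(),
            mitigate,
        }
    }

    pub fn largest_sent(&self) -> Option<u64> {
        self.next_pn.checked_sub(1)
    }

    /// Send full-size packets until cwnd is filled; returns how many went out.
    pub fn send_burst(&mut self) -> usize {
        let mut n = 0;
        while self.bytes_in_flight + MSS <= self.cwnd {
            // RFC 9000 Section 21.4 mitigation: leave holes in the packet number
            // space so that an ACK for a number that was never sent is detectable.
            if self.mitigate && self.next_pn % SKIP_EVERY == SKIP_EVERY - 1 {
                self.skipped.insert(self.next_pn);
                self.next_pn += 1;
            }
            self.unacked.insert(self.next_pn, MSS);
            self.next_pn += 1;
            self.bytes_in_flight += MSS;
            n += 1;
        }
        n
    }

    /// Process one ACK range `lo..=hi` from the peer; returns newly acked bytes.
    pub fn on_ack_range(&mut self, lo: u64, hi: u64) -> Result<usize, AckError> {
        let mut newly_acked = 0;
        for pn in lo..=hi {
            // Hardened path: an ACK for a skipped or not-yet-sent number is fatal.
            if self.mitigate && (pn >= self.next_pn || self.skipped.contains(&pn)) {
                return Err(AckError::ProtocolViolation(pn));
            }
            if let Some(size) = self.unacked.remove(&pn) {
                self.bytes_in_flight -= size;
                self.cwnd += size; // slow start: cwnd grows by every byte acknowledged
                newly_acked += size;
            }
        }
        Ok(newly_acked)
    }
}

/// Opportunistic-ACK attacker: each round it receives only the last packet of
/// the burst (the rest are still in flight or lost on the bottleneck) but
/// acknowledges every packet number from 0 up to that one, hiding the loss.
/// Returns the sender's cwnd after `rounds` rounds, or the error that stopped it.
pub fn run_opportunistic_ack(mitigate: bool, rounds: usize) -> Result<usize, AckError> {
    let mut sender = Sender::new(mitigate);
    for _ in 0..rounds {
        sender.send_burst();
        let largest = sender.largest_sent().expect("burst sent at least one packet");
        sender.on_ack_range(0, largest)?;
    }
    Ok(sender.cwnd)
}

fn main() {
    // Unmitigated: cwnd doubles every round with no loss signal, 12000 -> 384000.
    println!("unmitigated after 5 rounds: {:?}", run_opportunistic_ack(false, 5));
    // Mitigated: the first blind range crosses skipped number 7 and is rejected.
    println!("mitigated: {:?}", run_opportunistic_ack(true, 5));
}
```

The unmitigated sender's window doubles each round while the path is actually dropping almost everything, which is exactly the "more bytes in flight than the path can support" outcome in the description. An honest receiver is unaffected by the mitigation because it only ever acknowledges numbers it has seen, so its ACK ranges never cover a hole.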

Fix

Weakness Enumeration

CWE-770: Allocation of Resources Without Limits or Throttling

Related Identifiers

CVE-2025-4820
GHSA-2V9P-3P3H-W56J

Affected Products

Quiche