rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
advisory-db/crates/quinn-proto/RUSTSEC-2024-0373.md
github-actions[bot] ebef0eb749 Assigned RUSTSEC-2024-0373 to quinn-proto (#2074) 
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
2024-09-08 02:47:13 +01:00

1.1 KiB
Raw Permalink Blame History 

[advisory]
id = "RUSTSEC-2024-0373"
package = "quinn-proto"
date = "2024-09-02"
url = "https://github.com/quinn-rs/quinn"
categories = ["denial-of-service"]
keywords = ["panic"]
aliases = ["GHSA-vr26-jcq5-fjj8", "CVE-2024-45311"]
cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"

[versions]
patched = [">= 0.11.7"]
unaffected = ["< 0.11.0"]

Endpoint::retry() calls can lead to panicking

In 0.11.0, we overhauled the server-side Endpoint implementation to enable more careful handling of incoming connection attempts. However, some of the code paths that cleaned up state after connection attempts were processed confused the initial destination connection ID with the destination connection ID of a substantial package. This resulted in the internal Endpoint state becoming inconsistent, which could then lead to a panic.

e01609ccd8

Thanks to @finbear for reporting and investingating, and to @BiagoFesta for coordinating.