Search criteria
3 vulnerabilities by quinn_project
CVE-2024-45311 (GCVE-0-2024-45311)
Vulnerability from cvelistv5 – Published: 2024-09-02 16:45 – Updated: 2024-09-03 14:04
VLAI
Title
Denial of service in quinn-proto when using `Endpoint::retry()`
Summary
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to `accept()`, `retry()`, `refuse()`, or `ignore()` an `Incoming` connection. However, calling `retry()` on an unvalidated connection exposes the server to a likely panic in the following situations: 1. Calling `refuse` or `ignore` on the resulting validated connection, if a duplicate initial packet is received. This issue can go undetected until a server's `refuse()`/`ignore()` code path is exercised, such as to stop a denial of service attack. 2. Accepting when the initial packet for the resulting validated connection fails to decrypt or exhausts connection IDs, if a similar initial packet that successfully decrypts and doesn't exhaust connection IDs is received. This issue can go undetected if clients are well-behaved. The former situation was observed in a real application, while the latter is only theoretical.
Severity
7.5 (High)
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/quinn-rs/quinn/security/adviso… | x_refsource_CONFIRM |
| https://github.com/quinn-rs/quinn/commit/e01609cc… | x_refsource_MISC |
| https://github.com/quinn-rs/quinn/blob/bb02a12a84… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:quinn_project:quinn:*:*:*:*:*:rust:*:*"
],
"defaultStatus": "unknown",
"product": "quinn",
"vendor": "quinn_project",
"versions": [
{
"lessThan": "0.11.7",
"status": "affected",
"version": "0.11.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45311",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T14:01:33.229542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T14:04:46.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "quinn",
"vendor": "quinn-rs",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.11.0, \u003c 0.11.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to `accept()`, `retry()`, `refuse()`, or `ignore()` an `Incoming` connection. However, calling `retry()` on an unvalidated connection exposes the server to a likely panic in the following situations: 1. Calling `refuse` or `ignore` on the resulting validated connection, if a duplicate initial packet is received. This issue can go undetected until a server\u0027s `refuse()`/`ignore()` code path is exercised, such as to stop a denial of service attack. 2. Accepting when the initial packet for the resulting validated connection fails to decrypt or exhausts connection IDs, if a similar initial packet that successfully decrypts and doesn\u0027t exhaust connection IDs is received. This issue can go undetected if clients are well-behaved. The former situation was observed in a real application, while the latter is only theoretical."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670: Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-02T16:45:39.465Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-vr26-jcq5-fjj8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-vr26-jcq5-fjj8"
},
{
"name": "https://github.com/quinn-rs/quinn/commit/e01609ccd8738bd438d86fa7185a0f85598cb58f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quinn-rs/quinn/commit/e01609ccd8738bd438d86fa7185a0f85598cb58f"
},
{
"name": "https://github.com/quinn-rs/quinn/blob/bb02a12a8435a7732a1d762783eeacbb7e50418e/quinn-proto/src/endpoint.rs#L213",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quinn-rs/quinn/blob/bb02a12a8435a7732a1d762783eeacbb7e50418e/quinn-proto/src/endpoint.rs#L213"
}
],
"source": {
"advisory": "GHSA-vr26-jcq5-fjj8",
"discovery": "UNKNOWN"
},
"title": "Denial of service in quinn-proto when using `Endpoint::retry()`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45311",
"datePublished": "2024-09-02T16:45:39.465Z",
"dateReserved": "2024-08-26T18:25:35.444Z",
"dateUpdated": "2024-09-03T14:04:46.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42805 (GCVE-0-2023-42805)
Vulnerability from cvelistv5 – Published: 2023-09-21 16:39 – Updated: 2024-09-24 15:03
VLAI
Title
quinn-proto Denial of Service vulnerability
Summary
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.
Severity
7.5 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/quinn-rs/quinn/security/adviso… | x_refsource_CONFIRM |
| https://github.com/quinn-rs/quinn/pull/1667 | x_refsource_MISC |
| https://github.com/quinn-rs/quinn/pull/1668 | x_refsource_MISC |
| https://github.com/quinn-rs/quinn/pull/1669 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3"
},
{
"name": "https://github.com/quinn-rs/quinn/pull/1667",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/quinn-rs/quinn/pull/1667"
},
{
"name": "https://github.com/quinn-rs/quinn/pull/1668",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/quinn-rs/quinn/pull/1668"
},
{
"name": "https://github.com/quinn-rs/quinn/pull/1669",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/quinn-rs/quinn/pull/1669"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:quinn_project:quinn:*:*:*:*:*:rust:*:*"
],
"defaultStatus": "unknown",
"product": "quinn",
"vendor": "quinn_project",
"versions": [
{
"lessThan": "0.9.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "0.10.5",
"status": "affected",
"version": "0.10.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:49:07.069105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T15:03:39.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "quinn",
"vendor": "quinn-rs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.9.5"
},
{
"status": "affected",
"version": "\u003e= 0.10.0, \u003c 0.10.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-21T16:39:56.350Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3"
},
{
"name": "https://github.com/quinn-rs/quinn/pull/1667",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quinn-rs/quinn/pull/1667"
},
{
"name": "https://github.com/quinn-rs/quinn/pull/1668",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quinn-rs/quinn/pull/1668"
},
{
"name": "https://github.com/quinn-rs/quinn/pull/1669",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quinn-rs/quinn/pull/1669"
}
],
"source": {
"advisory": "GHSA-q8wc-j5m9-27w3",
"discovery": "UNKNOWN"
},
"title": "quinn-proto Denial of Service vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-42805",
"datePublished": "2023-09-21T16:39:56.350Z",
"dateReserved": "2023-09-14T16:13:33.307Z",
"dateUpdated": "2024-09-24T15:03:39.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28036 (GCVE-0-2021-28036)
Vulnerability from cvelistv5 – Published: 2021-03-05 08:38 – Updated: 2024-08-03 21:33
VLAI
Summary
An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://rustsec.org/advisories/RUSTSEC-2021-0035.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0035.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-05T08:38:51.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0035.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access for certain versions of the standard library because it relies on a direct cast of std::net::SocketAddrV4 and std::net::SocketAddrV6 data structures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rustsec.org/advisories/RUSTSEC-2021-0035.html",
"refsource": "MISC",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0035.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28036",
"datePublished": "2021-03-05T08:38:51.000Z",
"dateReserved": "2021-03-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:33:17.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}