Vulnerabilities > CVE-2020-24944 - Infinite Loop vulnerability in Privateoctopus Picoquic

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

privateoctopus

CWE-835

NVD

Published: 2021-02-08

Updated: 2021-02-10

Summary

picoquic (before 3rd of July 2020) allows attackers to cause a denial of service (infinite loop) via a crafted QUIC frame, related to the picoquic_decode_frames and picoquic_decode_stream_frame functions and epoch==3.

Vulnerable Configurations

Part	Description	Count
Application	Privateoctopus Privateoctopus Picoquic -	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://github.com/private-octopus/picoquic/issues/969