Vulnerabilities > CVE-2023-42805 - Unspecified vulnerability in Quinn Project Quinn
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.
Vulnerable Configurations
References
- https://github.com/quinn-rs/quinn/pull/1667
- https://github.com/quinn-rs/quinn/pull/1667
- https://github.com/quinn-rs/quinn/pull/1668
- https://github.com/quinn-rs/quinn/pull/1668
- https://github.com/quinn-rs/quinn/pull/1669
- https://github.com/quinn-rs/quinn/pull/1669
- https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3
- https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3