{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45311", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-08-26T18:25:35.444Z", "datePublished": "2024-09-02T16:45:39.465Z", "dateUpdated": "2024-09-03T14:04:46.433Z"}, "containers": {"cna": {"title": "Denial of service in quinn-proto when using `Endpoint::retry()`", "problemTypes": [{"descriptions": [{"cweId": "CWE-670", "lang": "en", "description": "CWE-670: Always-Incorrect Control Flow Implementation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-vr26-jcq5-fjj8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-vr26-jcq5-fjj8"}, {"name": "https://github.com/quinn-rs/quinn/commit/e01609ccd8738bd438d86fa7185a0f85598cb58f", "tags": ["x_refsource_MISC"], "url": "https://github.com/quinn-rs/quinn/commit/e01609ccd8738bd438d86fa7185a0f85598cb58f"}, {"name": "https://github.com/quinn-rs/quinn/blob/bb02a12a8435a7732a1d762783eeacbb7e50418e/quinn-proto/src/endpoint.rs#L213", "tags": ["x_refsource_MISC"], "url": "https://github.com/quinn-rs/quinn/blob/bb02a12a8435a7732a1d762783eeacbb7e50418e/quinn-proto/src/endpoint.rs#L213"}], "affected": [{"vendor": "quinn-rs", "product": "quinn", "versions": [{"version": ">= 0.11.0, < 0.11.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-02T16:45:39.465Z"}, "descriptions": [{"lang": "en", "value": "Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to `accept()`, `retry()`, `refuse()`, or `ignore()` an `Incoming` connection. However, calling `retry()` on an unvalidated connection exposes the server to a likely panic in the following situations: 1. Calling `refuse` or `ignore` on the resulting validated connection, if a duplicate initial packet is received. This issue can go undetected until a server's `refuse()`/`ignore()` code path is exercised, such as to stop a denial of service attack. 2. Accepting when the initial packet for the resulting validated connection fails to decrypt or exhausts connection IDs, if a similar initial packet that successfully decrypts and doesn't exhaust connection IDs is received. This issue can go undetected if clients are well-behaved. The former situation was observed in a real application, while the latter is only theoretical."}], "source": {"advisory": "GHSA-vr26-jcq5-fjj8", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "quinn_project", "product": "quinn", "cpes": ["cpe:2.3:a:quinn_project:quinn:*:*:*:*:*:rust:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0.11.0", "status": "affected", "lessThan": "0.11.7", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-03T14:01:33.229542Z", "id": "CVE-2024-45311", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T14:04:46.433Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45311", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-03T14:01:33.229542Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:quinn_project:quinn:*:*:*:*:*:rust:*:*"], "vendor": "quinn_project", "product": "quinn", "versions": [{"status": "affected", "version": "0.11.0", "lessThan": "0.11.7", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T14:04:29.165Z"}}], "cna": {"title": "Denial of service in quinn-proto when using `Endpoint::retry()`", "source": {"advisory": "GHSA-vr26-jcq5-fjj8", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "quinn-rs", "product": "quinn", "versions": [{"status": "affected", "version": ">= 0.11.0, < 0.11.7"}]}], "references": [{"url": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-vr26-jcq5-fjj8", "name": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-vr26-jcq5-fjj8", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/quinn-rs/quinn/commit/e01609ccd8738bd438d86fa7185a0f85598cb58f", "name": "https://github.com/quinn-rs/quinn/commit/e01609ccd8738bd438d86fa7185a0f85598cb58f", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/quinn-rs/quinn/blob/bb02a12a8435a7732a1d762783eeacbb7e50418e/quinn-proto/src/endpoint.rs#L213", "name": "https://github.com/quinn-rs/quinn/blob/bb02a12a8435a7732a1d762783eeacbb7e50418e/quinn-proto/src/endpoint.rs#L213", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to `accept()`, `retry()`, `refuse()`, or `ignore()` an `Incoming` connection. However, calling `retry()` on an unvalidated connection exposes the server to a likely panic in the following situations: 1. Calling `refuse` or `ignore` on the resulting validated connection, if a duplicate initial packet is received. This issue can go undetected until a server's `refuse()`/`ignore()` code path is exercised, such as to stop a denial of service attack. 2. Accepting when the initial packet for the resulting validated connection fails to decrypt or exhausts connection IDs, if a similar initial packet that successfully decrypts and doesn't exhaust connection IDs is received. This issue can go undetected if clients are well-behaved. The former situation was observed in a real application, while the latter is only theoretical."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-670", "description": "CWE-670: Always-Incorrect Control Flow Implementation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-02T16:45:39.465Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45311", "state": "PUBLISHED", "dateUpdated": "2024-09-03T14:04:46.433Z", "dateReserved": "2024-08-26T18:25:35.444Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-09-02T16:45:39.465Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:quinn_project:quinn:*:*:*:*:*:rust:*:*", "matchCriteriaId": "4C67B1D7-FE4B-4EE4-95F0-D8EA749AA4CF", "versionEndExcluding": "0.11.4", "versionStartIncluding": "0.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to `accept()`, `retry()`, `refuse()`, or `ignore()` an `Incoming` connection. However, calling `retry()` on an unvalidated connection exposes the server to a likely panic in the following situations: 1. Calling `refuse` or `ignore` on the resulting validated connection, if a duplicate initial packet is received. This issue can go undetected until a server's `refuse()`/`ignore()` code path is exercised, such as to stop a denial of service attack. 2. Accepting when the initial packet for the resulting validated connection fails to decrypt or exhausts connection IDs, if a similar initial packet that successfully decrypts and doesn't exhaust connection IDs is received. This issue can go undetected if clients are well-behaved. The former situation was observed in a real application, while the latter is only theoretical."}, {"lang": "es", "value": "Quinn es una implementaci\u00f3n compatible con async y puramente Rust del protocolo de transporte IETF QUIC. A partir del protocolo quinn 0.11, es posible que un servidor `accept()`, `retry()`, `refuse()` o `ignore()` una conexi\u00f3n `Incoming`. Sin embargo, llamar a `retry()` en una conexi\u00f3n no validada expone al servidor a un posible p\u00e1nico en las siguientes situaciones: 1. Llamar a `refuse` o `ignore` en la conexi\u00f3n validada resultante, si se recibe un paquete inicial duplicado. Este problema puede pasar desapercibido hasta que se ejerza la ruta de c\u00f3digo `refuse()`/`ignore()` de un servidor, como para detener un ataque de denegaci\u00f3n de servicio. 2. Aceptar cuando el paquete inicial para la conexi\u00f3n validada resultante no logra descifrar o agota los ID de conexi\u00f3n, si se recibe un paquete inicial similar que descifra con \u00e9xito y no agota los ID de conexi\u00f3n. Este problema puede pasar desapercibido si los clientes se comportan bien. La primera situaci\u00f3n se observ\u00f3 en una aplicaci\u00f3n real, mientras que la segunda es s\u00f3lo te\u00f3rica."}], "id": "CVE-2024-45311", "lastModified": "2024-09-25T17:03:36.817", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-09-02T18:15:37.373", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/quinn-rs/quinn/blob/bb02a12a8435a7732a1d762783eeacbb7e50418e/quinn-proto/src/endpoint.rs#L213"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/quinn-rs/quinn/commit/e01609ccd8738bd438d86fa7185a0f85598cb58f"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-vr26-jcq5-fjj8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-670"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-670"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}