GHSA-rfhg-rjfp-9q8q – s2n-quic

Package

Manager: cargo
Name: s2n-quic
Vulnerable Version: >=0 <1.25.0

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Potential denial of service after connection migration ### Impact An issue in s2n-quic results in the endpoint shutting down due to a combination of peer-initiated connection migration and duplicate new connection ID frames being received. No AWS services are affected by this issue, and customers of AWS services do not need to take action. Impacted versions: <=v1.24.0 ### Patches The patch is included in v1.25.0. ### Workarounds There is no workaround. Applications using s2n-quic should upgrade their application to the most recent release of s2n-quic. If you have any questions or comments about this advisory we ask that you contact AWS/Amazon Security via our vulnerability reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.

Metadata

Created: 2023-07-24T22:43:05Z
Modified: 2023-07-24T22:43:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-rfhg-rjfp-9q8q/GHSA-rfhg-rjfp-9q8q.json
CWE IDs: []
Alternative ID: N/A
Finding: F108
Auto approve: 1